tcpdump mailing list archives
NSEC magic number in savefile.c
From: Pierre KARAMPOURNIS <pkarampournis () gmail com>
Date: Thu, 14 May 2009 14:58:04 -0400
Hello,

A device like an Endace DAG can provide nanosecond timestamped packets using the usec field of the PCAP format to store the nanoseconds. Moreover, it seems that this variation of the PCAP format is tolerated if you use the NSEC_TCPDUMP_MAGIC magic number in your PCAP file.

But in fact, this magic number is defined in savefile.c but is never used. Furthermore, if we try to use tools using libpcap to read nsec-pcap files, it won't work because of the following code (libpcap 1.0.0, savefile.c, line 1216):

    if (magic != TCPDUMP_MAGIC && magic != KUZNETZOV_TCPDUMP_MAGIC) {
        snprintf(errbuf, PCAP_ERRBUF_SIZE, "bad dump file format");
        goto bad;
    }

But I want to use tcpdump with that kind of PCAPs, so I modified savefile.c in libpcap and a few files in tcpdump to take advantage of this format.

I thought it could be interesting if, when installing libpcap, we could configure the output PCAP format we want to use instead of the regular format (via options with ./configure, for example).

Is it useful to add this possibility for the libpcap community?

Thanks,
Pierre
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- NSEC magic number in savefile.c Pierre KARAMPOURNIS (May 14)
- Re: NSEC magic number in savefile.c Guy Harris (May 21)
- Re: NSEC magic number in savefile.c Pierre KARAMPOURNIS (May 21)
- Re: NSEC magic number in savefile.c Guy Harris (May 21)
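Added example, not part of the original post and not libpcap's own code: a reader-side check that accepts the nanosecond magic alongside the two magics tested in the snippet above, in either byte order, and range-checks the sub-second field against the resolution the magic declares. The three magic values are the ones defined in libpcap's savefile code; the names ts_res, magic_info, classify_magic and subsec_to_ns, the range check, and the sample values in main() are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define TCPDUMP_MAGIC           0xa1b2c3d4u /* usec field holds microseconds */
#define KUZNETZOV_TCPDUMP_MAGIC 0xa1b2cd34u /* modified record header, microseconds */
#define NSEC_TCPDUMP_MAGIC      0xa1b23c4du /* usec field holds nanoseconds */

enum ts_res { TS_BAD = 0, TS_USEC, TS_NSEC };          /* hypothetical names */
struct magic_info { enum ts_res res; int swapped; };

static uint32_t swap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Classify the first four bytes of a savefile, read in host byte order.
 * A second pass on the byte-swapped value handles files written on a
 * host of the opposite endianness. */
struct magic_info classify_magic(uint32_t magic) {
    struct magic_info mi = { TS_BAD, 0 };
    for (int pass = 0; pass < 2; pass++) {
        if (magic == TCPDUMP_MAGIC || magic == KUZNETZOV_TCPDUMP_MAGIC)
            mi.res = TS_USEC;
        else if (magic == NSEC_TCPDUMP_MAGIC)
            mi.res = TS_NSEC;
        if (mi.res != TS_BAD) { mi.swapped = pass; return mi; }
        magic = swap32(magic);
    }
    return mi;
}

/* Convert a record's raw sub-second field to nanoseconds.
 * Returns -1 when the value is out of range for the declared resolution,
 * e.g. a nanosecond count stored under the microsecond magic. */
int64_t subsec_to_ns(struct magic_info mi, uint32_t raw) {
    if (mi.swapped) raw = swap32(raw);
    if (mi.res == TS_USEC) return raw < 1000000u ? (int64_t)raw * 1000 : -1;
    if (mi.res == TS_NSEC) return raw < 1000000000u ? (int64_t)raw : -1;
    return -1;
}

int main(void) {
    /* Constructed sample: nanosecond magic, sub-second field 123456789 */
    struct magic_info mi = classify_magic(NSEC_TCPDUMP_MAGIC);
    printf("res=%d swapped=%d ns=%lld\n", mi.res, mi.swapped,
           (long long)subsec_to_ns(mi, 123456789u));
    return mi.res == TS_BAD;
}
```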