Re: [OPSAWG] New Version Notification for draft-tuexen-opsawg-pcapng-02.txt

[Guy Harris via tcpdump-workers <tcpdump-workers () lists tcpdump org>]

> --- Begin Message ---
>
>
> From: Guy Harris <gharris () sonic net>
>
> Date: Wed, 30 Sep 2020 00:24:52 -0700
>
> On Sep 29, 2020, at 7:14 PM, Qin Wu <bill.wu () huawei com> wrote:
>
> > Can you clarify what functionalities is missed for more modern applications? Since it is enhancement to libpcap, do 
> > you expect all the future packet capture tools support the format defined in this draft?
>
> pcapng is a file format that's a replacement for pcap.
>
> The current version of libpcap can read some pcapng files, but it only shows what can be shown through the existing 
> pcap API, so most of the enhancements don't make a difference to programs using libpcap.  That version of libpcap 
> cannot *write* pcapng files.
>
> macOS's version of libpcap has undocumented APIs that allow macOS's tcpdump to read and write pcapng files.
>
> Wireshark doesn't use libpcap to read capture files; it fully supports reading and writing pcapng files.
>
> In the future, we would like to add new APIs to libpcap that support reading and writing pcapng files (and pcap files 
> as well); the new APIs will make all of the added capabilities of pcapng available.  However, programs that use libpcap 
> will have to be changed to use the new APIs in order to use those added capabilities.  tcpdump will probably be the 
> first program updated to use them.
>
> --- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers