Re: Wireshark 1.7.1 is now available

[Guy Harris <guy () alum mit edu>]

On Apr 6, 2012, at 6:57 PM, Gerald Combs wrote:

>     o Wireshark, TShark, and their associated utilities now save
>       files using the pcap-ng file format by default. (Your copy of
>       Wireshark might still use the pcap file format if pcap-ng is
>       disabled in your preferences.)

Note that libpcap 1.1 and later can read pcap-ng files as long as all interfaces whose packets are in the file have the 
same link-layer type and snapshot length (which will, obviously, always be the case if it was captured on only one 
interface).  Annotations are not seen by the application (and thus not written by libpcap-based programs), as the 
libpcap API doesn't currently provide a way to see them, but they won't prevent a libpcap-based program from reading a 
file with annotations.

>     o When saving packets, the default choice is now to save only
>       the displayed packets rather than all packets.

...and, I think, packets that are included in reassemblies with the displayed packets, right?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe