Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-dev: [Wireshark-dev] PCAP File Question

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: "Barry Constantine" <Barry.Constantine@xxxxxxxx>
Date: Tue, 2 Dec 2008 05:55:27 -0800

Hello,

My company builds hardware based network analyzers and we are going to capture 1G/10G line rate and store in native pcap format.

If possible, it would be beneficial for us to store some extra information in the packet headers that is unique to our ability to use custom NIC hardware (FCS errors, collisions, etc..).

I looked at the PCAP format and am thinking there are no spare bits / fields to accomplish this. We do plan to enable nsec timestamp option.

Can anyone tell me if there is a way to store additional information in the pcap file (per packet) that would not cause problems for normal Wireshark decoding?

Thanks,

Barry

Principal Member of Technical Staff

JDSU Communication Test (formerly Acterna)

Emerging Markets and Technology Research

One Milestone Center Court

Germantown, MD 20876

(W) 240-404-2227

Follow-Ups:
- Re: [Wireshark-dev] PCAP File Question
  - From: Guy Harris

Prev by Date: Re: [Wireshark-dev] How to share enhanced plugin
Next by Date: Re: [Wireshark-dev] PCAP File Question
Previous by thread: Re: [Wireshark-dev] PCAP File Question
Next by thread: Re: [Wireshark-dev] PCAP File Question
Index(es):
- Date
- Thread