Wireshark · Ethereal-dev: Re: [ethereal-dev] wiretap and print suggestions

Ethereal-dev: Re: [ethereal-dev] wiretap and print suggestions

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>

Date: Sun, 5 Dec 1999 18:36:49 -0800

> If the filename ends with ".gz" and zlib support is available, wiretap
> should save the file compressed.

...if it's a format that can be saved without doing any seeks.  (Some
formats would require that, unless we significantly changed the way we
save packets - for example, the Network Monitor format requires that the
header of the file contain:

	a time stamp for the start of the capture - the time stamps of
	the packets are given as a 32-bit count of milliseconds since
	that time;

	in effect, the offset right past the last packet of the file, as
	that's the offset of a table of starting offsets for all the
	frames.

There are ways in which that could perhaps be done without seeks - but
given that Network Monitor can't read gzipped files, it's not clear it'd
be worth saving files in NetMon format gzipped; you could get a
gunzipper for Windows, but....)

References:
- [ethereal-dev] wiretap and print suggestions
  - From: Nathan Neulinger

Prev by Date: Re: [ethereal-dev] changing display options to be part of preferences
Next by Date: Re: [ethereal-dev] changing display options to be part of preferences
Previous by thread: [ethereal-dev] wiretap and print suggestions
Next by thread: Re: [ethereal-dev] wiretap and print suggestions
Index(es):
- Date
- Thread