Wireshark-dev: Re: [Wireshark-dev] Is pcap-ng/ntar still in roadmap?

From: "Benn Bollay" <benn@xxxxxx>
Date: Fri, 12 Jan 2007 09:43:20 -0800
Hello GV -

Thanks for the reply!

It's interesting to see how people work around the limitations in the
current pcap format.  One I'm thinking of doing is utilizing the
Ethernet Trailer (which you almost /never/ see anymore) to associate a
lot of the data that pcap-ng would provide in a more elegant fashion.
With a custom dissector, that should give us a lot of the features we're
looking for.

Is the seeking problem a mechanics issue, or an API issue?  I'd be
interested in talking about it more with you, or perhaps contributing a
bit if that makes sense.

How difficult will the integration into the std tools (tcpdump,
Wireshark, et al) be once a consistent API is implemented?  One wonders
if it would be possible to provide a pcap interface to a pcap-ng file,
and circumvent a lot of the immediate compatibility issues.

Cheers!
--Benn

> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Gianluca Varenni
> Sent: Thursday, January 11, 2007 4:39 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Is pcap-ng/ntar still in roadmap?
> 
> Benn,
> 
> regarding the NTAR project (i.e. the only implementation of the pcap-ng
> "wannabe" spec so far) that I "maintain", I've been pretty busy in the last
> year or so, thus not being able to work on it. The project is not dead at
> all, I'm simply giving priority to other tasks...
> 
> As far as the integration with wireshark is concerned, technically speaking
> there is one big feature missing from NTAR that is needed by wireshark, that
> is seeking within a file.
> I started working on it during the xmas holidays, but I haven't come out
> with a definitive API for it. The main problem I'm having is the hierarchy
> of the file (packets are embedded in blocks which are grouped into sections)
> that makes everything much more complicated. I plan to work on it in the
> upcoming weeks and post something on the NTAR website as soon as possible.
> 
> I think that the wireshark devs have a great interest in moving to pcap-ng
> as the standard trace format (be it through NTAR or reimplementing the
> spec), I have no idea where this task sits within the Wireshark roadmap, and
> if this task would fit before or after the 1.0 milestone.
> 
> Have a nice day
> GV
> 
> 
> 
> ----- Original Message -----
> From: "Benn Bollay" <benn@xxxxxx>
> To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
> Sent: Wednesday, January 10, 2007 2:27 PM
> Subject: [Wireshark-dev] Is pcap-ng/ntar still in roadmap?
> 
> 
> > Hello all -
> >
> > Is the next-gen pcap format still in the roadmap at all?  I've heard
> > nothing about it for ages; there doesn't seem to be any discussions, nor
> > any implementation details for well over a year now.
> >
> > I'm trying to decide whether I should hack-up the libpcap format or
> > spend more development effort and move entirely to something else.
> >
> > Cheers,
> > --Benn
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> 