
Wireshark-dev: Re: [Wireshark-dev] [ntar-workers] ExtendingWireshark libpcap format support, or

From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Mon, 1 Oct 2007 22:56:28 -0700

----- Original Message -----
From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Thursday, September 27, 2007 4:52 PM
Subject: Re: [Wireshark-dev] [ntar-workers] ExtendingWireshark libpcap format support, or start using pcapng now ?!?

...

I can definitely create some trace files, either synthetic or real (with
ntar). A friend of mine developed a simple app to convert libpcap files into
pcap-ng files. I need to have a look at it. It depends if you want simple
captures or something using the various features of pcap-ng (multiple
interfaces, multiple sections, different byte order in the file).

Some simple example files would be enough, it's only to find a starting
point (but I'm not in a hurry about that).

Sure, I will do that in a couple days.


Attached you can find a sample trace file (http.cap) taken from the Wireshark wiki, and the same capture converted into ntar (http.cap.ntar). The ntar file was generated on my XP laptop, so the byte order is little-endian. Also, it contains one section only. If you want a big-endian file or a file with multiple sections, just let me know.

Have a nice day
GV

Attachment: http.cap.ntar
Description: Binary data

Attachment: http.cap
Description: Binary data
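
The properties mentioned in the message (byte order, number of sections, number of interfaces) can be checked on a capture with a short block walker. This is an added example, not part of the original message and not Wireshark or ntar code; it assumes the file follows the pcap-ng block layout as currently specified (Section Header Block type 0x0A0D0D0A, byte-order magic 0x1A2B3C4D), and the function names and sample bytes are constructed for illustration.

```python
import struct

SHB_TYPE = 0x0A0D0D0A      # Section Header Block; reads the same in both byte orders
IDB_TYPE = 0x00000001      # Interface Description Block
BYTE_ORDER_MAGIC = 0x1A2B3C4D

def summarize_pcapng(data: bytes) -> list:
    """Return one dict per section: byte order, interface count, block count."""
    sections, offset, endian = [], 0, None
    while offset < len(data):
        if len(data) - offset < 12:
            raise ValueError(f"truncated block header at offset {offset}")
        if data[offset:offset + 4] == b"\x0a\x0d\x0d\x0a":
            # A new section starts here and may switch byte order.
            magic = data[offset + 8:offset + 12]
            if magic == struct.pack("<I", BYTE_ORDER_MAGIC):
                endian = "<"
            elif magic == struct.pack(">I", BYTE_ORDER_MAGIC):
                endian = ">"
            else:
                raise ValueError(f"bad byte-order magic at offset {offset}")
            sections.append({"byte_order": "little" if endian == "<" else "big",
                             "interfaces": 0, "blocks": 0})
        elif endian is None:
            raise ValueError("file does not start with a Section Header Block")
        block_type, total_len = struct.unpack_from(endian + "II", data, offset)
        # Reject lengths that would loop forever, misalign, or run past the buffer.
        if total_len < 12 or total_len % 4 or total_len > len(data) - offset:
            raise ValueError(f"invalid block length {total_len} at offset {offset}")
        (trailer,) = struct.unpack_from(endian + "I", data, offset + total_len - 4)
        if trailer != total_len:
            raise ValueError(f"leading/trailing length mismatch at offset {offset}")
        sections[-1]["blocks"] += 1
        if block_type == IDB_TYPE:
            sections[-1]["interfaces"] += 1
        offset += total_len
    return sections

def _block(endian, block_type, body=b""):
    # Constructed test block: type, total length, body, total length again.
    total = 12 + len(body)
    return struct.pack(endian + "II", block_type, total) + body + struct.pack(endian + "I", total)

def _section(endian, n_interfaces):
    # SHB body: magic, version 1.0, section length -1; IDB body: linktype 1, reserved, snaplen.
    shb = _block(endian, SHB_TYPE, struct.pack(endian + "IHHq", BYTE_ORDER_MAGIC, 1, 0, -1))
    idb = _block(endian, IDB_TYPE, struct.pack(endian + "HHI", 1, 0, 65535))
    return shb + idb * n_interfaces

# Constructed sample: a little-endian section followed by a big-endian one.
SAMPLE = _section("<", 1) + _section(">", 2)
```

Running `summarize_pcapng` on the bytes of a real capture reports each section separately, so a single-section little-endian file yields one entry with `byte_order` set to `little`.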