Re: Annotating capture files and/or pcap pre-processing

[Guy Harris <guy () alum mit edu>]

On Nov 11, 2010, at 3:55 PM, Jouni Malinen wrote:

> Is pcap-ng likely to materialize any time soon?

Define "materialize".  Wireshark is capable of reading and writing pcap-ng files, and has been capable of that for a 
while; libpcap 1.1.x can also read pcap-ng files that have only one link-layer type and snapshot length (because no API 
changes have been made to expose the additional capabilities).  Wireshark currently doesn't support the per-packet 
option fields, so it doesn't read the comments for the packet; if it were extended to support that, it could be used 
(although programs using libpcap to process packets wouldn't see the comments - and, unless they include their own 
pcap-ng code, they wouldn't be able to write out the files as pcap-ng files, so the comments and other options would be 
lost).
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe