Re: PcapNG & Wireshark

[Guy Harris <guy () alum mit edu>]

On Jan 10, 2012, at 3:51 PM, Troy Coulombe wrote:

> With the recent release of 1.6.5, I was wondering if anyone was using PCAP-NG & a compatible version of Wireshark?

"A compatible version of Wireshark" would either be "a version of Wireshark that can read pcap-NG files" or "a version 
of Wireshark that, when capturing, can capture into a pcap-NG file", depending on what you mean by "using PCAP-NG".

> If so, is there a binary release for Win-XP of that?

1.6.5 can read pcap-NG files (the first release of Wireshark with pcap-NG support, including support for capturing into 
a pcap-NG file, was 1.2.0), and there is a binary release of 1.6.5.

> Do any of the developers know if PCAP-NG is still active?  The last web status shows 27-Jul-2009  L
> http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html

There might not have been many requests for additions to the pcap-NG format, although I did send some mail noting that 
the spec needs to clarify whether the UTF-8 strings in various options are supposed to be null-terminated as well as 
counted, and haven't received a reply yet.

> Maybe this is just a matter of keeping my Wireshark 1.6.5 & upgrading PCAP to PCAP-NG?

If by "upgrading PCAP to PCAP-NG" - "PCAP" and "PCAP-NG" aren't pieces of software that you'd update in that sense, 
they're file formats - you mean "selecting pcap-NG format when you're capturing", that should work.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe