FW: New block types to save the result of analysing a capture(Port map)

[Anders Broman <anders.broman () ericsson com>]

hi,
I tried to send this to the pcap-ng mailing list but it looks like it failed.
Regards
Anders

________________________________
From: Anders Broman
Sent: den 4 juni 2012 09:06
To: 'pcap-ng-format () winpcap org'
Subject: FW: New block types to save the result of analysing a capture(Port map)



Hi,
It could be useful to have pcap-ng blocks to save information across
analysis sessions such as which protocol
is to be dissected for UDP/TCP/SCTP/.../ packets to/from a port
combination especially if the packets forming the
basis for determining that is no longer in the trace e.i filtered out.
There might also be a need for vendor specified
blocks to save information in a form specific to a analysis tool such as
Wireshark.

How about specifying a block similar to the address resolution block
listing containing:
Carrier protocol (UDP) IP A Port A IP B PORT B Destination protocol RTP

One problem is the protocol names, is a registry needed? String or
number representation? etc..

Comments?

Regards
Anders



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe