Ethereal-dev: Re: [Ethereal-dev] Flexible file formats

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Gilbert Ramirez <gram@xxxxxxxxxx>
Date: Sat, 23 Dec 2000 12:25:11 -0600
On Fri, 22 Dec 2000 13:24:07 -0800
Guy Harris <gharris@xxxxxxxxxxxx> wrote:

> On Fri, Dec 22, 2000 at 05:05:07PM +0100, Peter Dons Tychsen wrote:
> > I am creating a packet trace (sniffer) function for a series of 
> > routers. The router supports many different interfaces (ISDN/WAN/LAN) 
> > and protcols (IP/TCP/PPP/HLDC....). In what file format should i save 
> > the output in to be as compatible with ethereal as possible. What 
> > format is most flexible? 
> 
> As Gilbert suggested, libpcap format is probably the best choice.  One
> of the things that makes it flexible is that libpcap is open source and
> actively being developed.

As a side note, the current version of the pcap file format should work
just fine for you, but if for some reason you need to change the format of
the headers of the file or its records, be sure to coordinate with
tcpdump-workers, and *never* change the file format w/o updating
the magic number in the file.... or Guy will get very very angry. :)

He's the one who has written all the heuristics in our pcap-support
to determine the version of the pcap file format when it is improperly
specified in the file.

--gilbert