Ethereal-users: [Ethereal-users] Wiretap library

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: John McHugh <mchugh@xxxxxxxxx>
Date: Tue, 30 May 2006 09:09:21 -0300
I have a need to work with a large amount of compressed (.gz) packet header data obtained from Ethernet sources with tcpdump. In compressed form, there are on the order of 10,000 files totaling about 160GB.

I would like to be able to open the files, and read the records without decompressing each file first. The current version of the program uses libpcap and I decompress the input into a pipe. I can only process one file per run and a large portion of my time is taken up with saving and restoring state between runs.

Has anyone had experience using wiretap as a library to support this kind of activity? Is there any documentation that would help identify the appropriate interface routines? A search of the ethereal site shows discussion of this in the early days of the project, but nothing recently.

John McHugh
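
The workflow described above (reading records straight out of .gz captures and carrying state across many files in one run), as an added example that is not part of the original message and does not use the wiretap API. It assumes classic pcap files as written by tcpdump; the function names, the `MAX_CAPLEN` bound and the sample data are constructed for illustration.

```python
import gzip
import io
import struct
MAX_CAPLEN = 262144  # sanity bound on one record (assumed for this example)

def read_pcap_gz(stream):
    """Yield (ts_sec, ts_usec, orig_len, data) from a gzip'd classic pcap."""
    with gzip.open(stream, "rb") as f:  # path or binary file object
        hdr = f.read(24)  # pcap global header
        if len(hdr) < 24:
            raise ValueError("truncated pcap global header")
        magic = struct.unpack("<I", hdr[:4])[0]
        if magic == 0xA1B2C3D4:
            endian = "<"  # written by a little-endian host
        elif magic == 0xD4C3B2A1:
            endian = ">"  # byte-swapped: written by a big-endian host
        else:
            raise ValueError("not a classic pcap file")
        rec = struct.Struct(endian + "IIII")
        while True:
            rh = f.read(rec.size)  # decompressed incrementally
            if not rh:
                return  # clean end of file
            if len(rh) < rec.size:
                raise ValueError("truncated record header")
            ts_sec, ts_usec, incl_len, orig_len = rec.unpack(rh)
            if incl_len > MAX_CAPLEN:
                raise ValueError("implausible captured length")
            data = f.read(incl_len)
            if len(data) < incl_len:
                raise ValueError("truncated packet data")
            yield ts_sec, ts_usec, orig_len, data

def summarize(streams):
    """Walk many compressed captures in one run, keeping state in memory."""
    packets = wire_bytes = 0
    for s in streams:
        for _sec, _usec, orig_len, _data in read_pcap_gz(s):
            packets += 1
            wire_bytes += orig_len
    return packets, wire_bytes

def make_sample(lengths, snaplen=68):
    """Constructed sample: gzip'd pcap of zero-filled, header-sized records."""
    raw = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, n in enumerate(lengths):
        cap = min(n, snaplen)
        raw += struct.pack("<IIII", 1000000000 + i, 0, cap, n) + bytes(cap)
    return io.BytesIO(gzip.compress(raw))
```

`summarize` accepts file paths as well as file objects, so a list of on-disk `.gz` captures can be passed to it directly.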
