Wireshark-dev: [Wireshark-dev] What is the history and status of PCAP Next Generation?
Date: Mon, 30 Sep 2013 10:57:07 +0200
Hi,

I'm looking at the PCAP Next Generation file format. I thought people
here might know more about it. Questions first, explanation below.

  Q1: Is the version of the pcap-ng spec I found the latest one?

       https://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html

  Q2: What is the status of pcap-ng?

      * "it works fine, everyone's using it, it just isn't an RFC"
   or * "it's an abandoned effort, plain pcap is good enough"
   or * "all development has moved to X, take a look at X"

Here's what I've figured out by surfing a bit:

  2004: People wrote an Internet Draft about a new PCAP format.
        I found it here:   http://www.tcpdump.org/pcap/pcap.html

  2007/2008: Wireshark got support for pcap-ng.  I
        see mail from e.g. Ulf Lamping about implementing it:

        http://article.gmane.org/gmane.network.wireshark.devel/7235/match=pcapng

  2007/2008/2009: Small changes were made to the now expired Internet
        draft by the original authors, plus Guy Harris and Ulf Lamping.

As far as I can tell, some tools, e.g. 'tcpdump', never moved to pcap-ng.

But other tools, e.g. wireshark and dumpcap, seem to use it by default.

I'm guessing that the answer to my questions is

  Q1: Yes
  Q2: It works fine, everyone's using it, it just isn't an RFC.

Matt.