<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 25, 2015 at 5:32 AM, Hadriel Kaplan <span dir="ltr"><<a href="mailto:the.real.hadriel@gmail.com" target="_blank">the.real.hadriel@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">My 2 cents: I wouldn't mix it in with the draft-spec repo - you can<br>
always create another repo under the "pcapng" organization, and put a<br>
link in the README if need be.<br></blockquote><div>+1 to creating a specific repo for ntartest (pcapngtest?) <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
As for the "tool" itself, I think it's too simplistic, at least for<br>
verification. By the time you add all the details for each field and<br>
option, and do cross-verification of things like Interface-IDs and<br>
such, you might as well have just improved the recently-added pcapng<br>
format dissector in wireshark/tshark to add expert info for all the<br>
conditions. (I've been tempted to do just that, but I'm waiting for<br>
Michal Labedzki to upload a change he claims will make the current<br>
format dissector not look like such a hack)<br>
<span class="HOEnZb"><font color="#888888"><br>
-hadriel<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
On Mon, Aug 24, 2015 at 11:08 PM, Guy Harris <<a href="mailto:guy@alum.mit.edu">guy@alum.mit.edu</a>> wrote:<br>
> The Wireshark Wiki page on pcapng:<br>
><br>
> <a href="https://wiki.wireshark.org/Development/PcapNg" rel="noreferrer" target="_blank">https://wiki.wireshark.org/Development/PcapNg</a><br>
><br>
> has an attachment "ntartest.c" that's a small test program to read pcapng files:<br>
><br>
> "ntartest - a simplistic standalone pcapng (ntar) file reader<br>
><br>
> Included below is the C source code to a very simplistic program to read and dump header information about a pcapng (a.k.a. ntar) file. This program has been successfully compiled using gcc and used on several different types of systems including Linux, cygwin and Solaris 9."<br>
><br>
> <a href="https://wiki.wireshark.org/Development/PcapNg?action=AttachFile&do=view&target=ntartest.c" rel="noreferrer" target="_blank">https://wiki.wireshark.org/Development/PcapNg?action=AttachFile&do=view&target=ntartest.c</a><br>
><br>
> Should we add that to the pcapng repository? We might want to work on it to turn it into not only a pcapng dumper but a pcapng *verifier*, in order to, for example, verify the output of software writing pcapng files, as was requested in this Wireshark Q&A entry:<br>
><br>
> <a href="https://ask.wireshark.org/questions/44966/how-to-verifycheck-pcapng-format" rel="noreferrer" target="_blank">https://ask.wireshark.org/questions/44966/how-to-verifycheck-pcapng-format</a><br>
><br>
> We might also want to move some of the capture files attached to that Wireshark Wiki page to the repository for use as tests for pcapng readers.<br>
> _______________________________________________<br>
> pcap-ng-format mailing list<br>
> <a href="mailto:pcap-ng-format@winpcap.org">pcap-ng-format@winpcap.org</a><br>
> <a href="https://www.winpcap.org/mailman/listinfo/pcap-ng-format" rel="noreferrer" target="_blank">https://www.winpcap.org/mailman/listinfo/pcap-ng-format</a><br>
</div></div></blockquote></div><br></div></div>