[Winpcap-users] new winpcap file format, saving also custom data ?
Tecnowatt - Massimo Sala
massimo.sala at tecnowatt.com
Tue May 30 07:17:32 GMT 2006
Gianluca> That's exactly the purpose of pcap-ng: allowing apps to save
packets as well
Gianluca> as other information into the file.
Massimo>> The idea: add a few APIs to Winpcap, for example
Massimo>> int pcap_file_add_record(pcap_t *adhandle, unsigned char
*pkt_data)
Massimo>> to save in the current dump file the application custom data.
Gianluca> Uhm, what about older applications, that do not know about this
new flag?
Gianluca> They will try to interpret the OOB data as a packet...
Gianluca, thanks for your fast answer.
>From your explanations, the new pcap-ng file format seems to be a huge and
far-in-time work.
What about modify slightly the current file format to allow for custom
packets ?
About older applications, we can use some "trick", for example mark the
custom packets with a specific value in the Ethernet protocol file.
It isn't very polite, but I think it is easy and quick to do.
Moreover I think that
- my application save these data, it can also decode them;
- if I exchange my ACP dump files with custom data with
non-custom-data-aware applications, I have to know what I am doing...
I know, I am bringing the water to my watermill, but perhaps this feature -
take all the session information inside only one file - can be useful for
many applications.
Just my two cents,
Massimo
More information about the Winpcap-users
mailing list