> -----Original Message-----
> From: Richard Sharpe [mailto:rsharpe@xxxxxxxxxxxxxxxxx]
> Sent: Friday, January 02, 2004 6:48 PM
> To: Sanderson, George W
> Cc: ethereal-dev@xxxxxxxxxxxx
> Subject: Re: [Ethereal-dev] RFC: Perl NetXRay cap module
>
>
> On Fri, 2 Jan 2004, Sanderson, George W wrote:
>
> > I was thinking that the C routines in wiretap/netxray.c
> could be hooked
> > into a Perl module in order to read a cap file and that the
> NetPacket
> > Perl module could be used to parse the raw packet data.
>
> What might be more interesting is if the whole wiretap
> library were made
> available in Perl.
>
>
> Do you absolutely need NetXRay?
>
I am ignorant of the NetXRay history. I thought that NetXRay was the prior Sniffer product, and that the *.cap files included different version numbers that covered the different *.cap file formats. I also thought that the imbedded version number allowed the correct wiretap processing to open, read, write, and close *.cap files. Perhaps someone could point me to a reference (URL) that describes the *.cap Sniffer history.
After considering both of the following code architectures:
1) directly coding the *.cap Perl routines to read a *.cap files, like what was done in the "response-time.zip" file from http://www.netapp.com/tech_library/usenix-nt97.html
2) verses, using Perl XS with the Ethereal /wiretap C routines,
I thinks that it would be better to go the XS route.
The main reason being that all of the input data sources (including pcap) could become available, not just a *.cap input file.
It would be nice if there was an Ethereal API library, like winpcap and packet for pcap. That way versioning could be handled easier.