On Thu, May 27, 2004 at 10:02:57AM -0500, Mark H. Wood wrote:
> While you're at it you can also register some capture filetype
> associations with Ethereal.ethereal.1 so that Explorer and the START
> command will "know" how to open them.

If by "capture filetype" you mean "file suffix", there are a couple of
problems:

    1) there's no "standard" suffix for libpcap files - WildPackets'
       ProConvert (a Windows application for converting between
       various capture file formats) uses ".dmp" (".cap" is a Very
       Bad Choice, because a number of other network analyzers have
       made the same unimaginative choice, so if we used it it'd
       make it that much more difficult if you have multiple network
       analyzers installed, especially because we don't read all the
       capture file formats listed for ".cap" on the page at

           http://www.wildpackets.com/products/proconvert/files

       ) - note that the "Nokia Firewall" listed is *probably* the
       Nokia hardware that perversely uses some modified
       incompatible libpcap format with the same magic number as
       standard libpcap, so the use of ".dmp" for it is not a real
       problem;

    2) if we grab any of the *other* suffixes, we end up displacing
       native applications.

If we're obliged to pick a standard Windows file suffix, I'd be inclined
to go with ".dmp" unless some important application also uses it.

At least on the free-software UN*X desktops the suffix isn't the only
item used - KDE, at least, and I think also GNOME associate applications
with MIME types, and determine the MIME type of a file based not only on
the file suffix but also on the file *contents*, using, I think, the
same general scheme as the "file" command. Perhaps tcpdump.org should
register a MIME type for tcpdump capture files - I'll propose that on
tcpdump-workers@xxxxxxxxxxx.

Unfortunately, at least one of the non-free-software UN*X desktops (the
one from a certain fruit-flavored manufacturer of PowerPC-based UN*X
workstations and servers) uses only suffixes....
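
The content-based identification discussed above (the scheme the "file" command uses), sketched as an added example that is not part of the original message or of Ethereal's code: it recognises a libpcap file from its 24-byte file header rather than from its suffix. The function name `sniff_pcap` and the sample header are constructed for illustration; the nanosecond magic value is a libpcap fact not mentioned in the message.

```python
import struct

# First four bytes of a libpcap file, read as a big-endian integer.
# The writer stores the magic in its own byte order, so a byte-swapped
# value tells the reader the rest of the header is little-endian.
_PCAP_MAGICS = {
    0xA1B2C3D4: (">", "microsecond"),
    0xD4C3B2A1: ("<", "microsecond"),
    0xA1B23C4D: (">", "nanosecond"),
    0x4D3CB2A1: ("<", "nanosecond"),
}

def sniff_pcap(data: bytes):
    """Return the decoded libpcap file header, or None if the bytes do not
    start with one. The file name and suffix are deliberately ignored."""
    if len(data) < 24:
        return None
    (magic,) = struct.unpack(">I", data[:4])
    if magic not in _PCAP_MAGICS:
        return None
    order, resolution = _PCAP_MAGICS[magic]
    # version_major, version_minor, thiszone, sigfigs, snaplen, linktype
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    return {
        "byte_order": "big" if order == ">" else "little",
        "timestamps": resolution,
        "version": (major, minor),
        "snaplen": snaplen,
        "linktype": linktype,
        # A matching magic alone does not prove a standard file: the message
        # notes a modified format that reuses it. Standard files say 2.4.
        "standard_version": (major, minor) == (2, 4),
    }

# Constructed sample: a little-endian header, version 2.4, Ethernet (linktype 1).
SAMPLE_DMP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
# Constructed sample: a ".cap" file from some other analyzer (arbitrary bytes).
SAMPLE_OTHER_CAP = b"XCP\x00" + b"\x00" * 60

if __name__ == "__main__":
    for name, blob in (("trace.dmp", SAMPLE_DMP), ("trace.cap", SAMPLE_OTHER_CAP)):
        print(name, "->", sniff_pcap(blob))
```
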