On Sat, Jul 14, 2001 at 11:56:34AM -0500, Jeff Foster wrote:
> > "Capture files can me programmatically edited or converted via
> > command-line switches to the "editcap" program."
>
> Change the "me" to "be" and it comes closer to making sense. It means that
> you can use the "editcap" program to filter

What sort of filtering are you referring to? (If you mean "apply a
display filter, so that only those packets in the input capture file
that match the display filter will be written to the output capture
file", there's already a program to do that, called "tethereal":

    tethereal -r input_file -w output_file filter

If you want to use a capture filter instead, there's a program to do
that, also, called "tcpdump".)

> or otherwise change a capture file.

To what sort of changes are you referring? By "programmatically" are you
implying that there should be a language that can be used to specify the
transformations to be performed, with editcap including an interpreter
for that language? (This is not a rhetorical question, i.e. I'm not
saying that it would be a bad idea to have such a language.)

> In addition, ethereal has enough functionality to allow you to write a
> program, using libraries from ethereal, that can manipulate capture files.

I.e., export Wiretap and libethereal+dissectors as a library with a
specified API, so that manipulations not done by Ethereal or editcap
(or, if editcap has a language of the sort described earlier, not doable
within that language) can be done by writing a program using those
libraries?