Ethereal-users: Re: [Ethereal-users] TCPdump format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 15 Jul 2003 10:14:52 -0700
On Tue, Jul 15, 2003 at 09:56:51AM +0100, Adrian R Conrad wrote:
> but I still think it would be helpful for Ethereal to document its
> trace file format explicitly (e.g. in an appendix to its
> documentation).

It's not Ethereal's format, it's libpcap's format.

At some point, "we" as in the tcpdump/libpcap developers (of which I'm
one) should probably do a "pcap(5)" man page to document the capture
file format.  However, that would require free time, and I don't have
very much right now, and I don't know whether any other libpcap/tcpdump
developer does, either.

> I understand that working through libpcap routines provides insulation
> against possible change, but the likelihood of savefile format change
> must be very low,

I would not make that assumption (given that there are some of us who
have been looking at doing a next-generation libpcap format).