Comment # 7
on bug 11754
from Guy Harris
If you can't construct the raw binary data of packets (and necessary metadata)
from it, it's not a capture file format.
You can't construct the raw binary data of packets from a dump of the protocol
tree; there might be missing pad fields, there might not be the raw binary data
for a particular field, etc., etc., etc.
So, no, PDML and JSON aren't capture file formats, any more than PDF is a
document revisable form.
You could have a tool that does its best to construct, say, a ${WORD_PROCESSOR}
document from a PDF file, and the tool might often succeed in giving you
something to start with, but you might still have to finish the job manually,
e.g. de-hyphenating words hyphenated in the process of building a PDF.
Similarly, somebody could try to write a program that takes the PDML or JSON
dissection of packets and tries to reconstruct the raw packet data - it might
have to have as significant knowledge of how the protocol is dissected, making
it *not* a candidate for libwiretap - but it might leave you with something
that needs more manual work.
You are receiving this mail because:
- You are watching all bug changes.