Wireshark-users: Re: [Wireshark-users] Does Wireshark maintain the Per-Packet Information (PPI) H

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 3 Mar 2015 21:57:16 -0800
On Mar 3, 2015, at 5:49 PM, Dave Stephenson <daves@xxxxxxxxxxxxxxxxxx> wrote:

> I posted the email below to the winpcap-users list mid-Feburary and have not received any response.  Am wondering if winpcap’s PPI specification

It's not WinPcap's specification; it happens to have been developed by the people at CACE Technologies, which was founded by some of the people who developed WinPcap, but there's nothing WinPcap-specific about it.

> has been take over by Wireshark community?

It hasn't.

Personally, I look forward to radiotap:

	http://www.radiotap.org/

being capable of providing all the 802.11 metadata that PPI can (if it can't already do so), and to having the time to add full pcap-ng support to libpcap and tcpdump so that there's no need to use PPI in order to encapsulate multiple types of network traffic in a single file or to represent any 802.11 metadata, and thus to PPI no longer having any capabilities that aren't offered by radiotap+pcap-ng or, for captures that don't need multiple link-layer types, offered by radiotap, so that nobody needs to use PPI.

If you're trying to provide metadata in 802.11 captures, you might want to pursue adding the capability to radiotap, instead.  Radiotap's being developed a bit more actively than PPI, and has a bit more of an open development process (an open mailing list and a website), although the last message I received on the list was from last November.