[ntar-workers] Re: [tcpdump-workers] [ANNOUNCE] NTAR - PCAP next generation dump file format implementation

Gianluca Varenni gianluca.varenni at gmail.com
Mon Jun 27 01:31:17 GMT 2005


Hi Stephen.

NTAR is a separate library to read and write the so-called "pcap-ng" file 
format. The idea is to have a new library supporting the file format, since 
the problem of managing trace files spans multiple applications and 
libraries (not only libpcap); that's the reason for a separate project.

NTAR does not read libpcap trace files (you can use libpcap for that), at 
least for now.
The idea (my idea, actually) is to modify libpcap to support the new file 
format, maintaining backwards compatibility for the old file format (i.e. 
libpcap will always read old files), and writing to the new file format 
(either by default or through a specific flag/new API). And my goal is 
libpcap using NTAR to deal with the new file format :-)

Hope this clarifies things...

Have a nice day
GV


----- Original Message ----- 
From: "Stephen Donnelly" <stephen at endace.com>
To: <tcpdump-workers at lists.tcpdump.org>
Cc: <ntar-workers at winpcap.org>
Sent: Sunday, June 26, 2005 6:16 PM
Subject: [ntar-workers] Re: [tcpdump-workers] [ANNOUNCE] NTAR - PCAP next generation dump file format implementation


> I'm a bit confused about naming. How does NTAR stand with respect to 
> libpcap?
>
> Is it in fact libpcap 1.0? Or just an independent implementation of the 
> proposed/agreed format for 'libpcap-ng'?
>
> Can NTAR read 'old' format libpcap traces?
>
> What's next for libpcap development, is there the intent for a new version 
> of libpcap to also process the new format? Independently of NTAR? With or 
> without backwards compatibility at the file reading or API levels?
>
> Thanks,
> Stephen.
>
> Gianluca Varenni wrote:
>> Hi all.
>>
>> This mail is to announce the birth of the NTAR project. NTAR stands for
>> Network Trace Archival and Retrieval library, and is an implementation of
>> the PCAP next generation dump file format, that was proposed and discussed
>> last year by several folks on the libpcap/tcpdump and WinPcap mailing lists.
>> The library is released under the 3-clause/BSD license.
>>
>> The URL of the project is:
>>
>> http://www.winpcap.org/ntar
>>
>> On this website you can find
>> - the source file of the library (both for Windows and *nix)
>> - the HTML documentation of the API (generated with doxygen from the
>>  commented source files), both for the user and for someone wanting to
>>  extend it. The docs contain some tests/examples that you can look at to
>>  get an idea of how the library works.
>> - An updated version of the PCAP draft specifying the file format.
>>  The original draft of the file format is available at
>>     http://www.tcpdump.org/pcap/pcap.html
>>
>>
>>
>> I'm seeking contributors to improve the library in terms of
>> - testing the library on different platforms and operating systems
>> - reviewing the API
>> - implementing new extensions to the library.
>>
>> A mailing list, ntar-workers at winpcap.org, has been created for NTAR-related
>> discussions. People interested in this project are welcome to join it; the
>> mailman web interface to subscribe is available at
>>
>> https://www.winpcap.org/mailman/listinfo/ntar-workers
>>
>> Have a nice day
>> Gianluca Varenni
> -- 
> -----------------------------------------------------------------------
>     Stephen Donnelly BCMS PhD           email: sfd at endace.com
>     Endace Technology Ltd           phone: +64 7 839 0540
>     Hamilton, New Zealand               cell:  +64 21 1104378
> -----------------------------------------------------------------------