[ntar-workers] Use of the application-specific blocks in the pcap-ng file specification
Guy Harris
guy at alum.mit.edu
Mon May 15 18:46:48 GMT 2006
Gianluca Varenni wrote:
> I think that renaming the app-specific blocks to private blocks makes
> sense. Moreover, I would add a big note clearly stating that choosing a
> private block (instead of requesting a public block type code) can be
> potentially dangerous, and it should be done *only* if you are 100% sure
> that those blocks should never be read by another pcap-ng aware
> application (i.e. if you use a private block, you might easily incur
> into interoperability issues, be warned).

Or, at least, they should never be read by another pcap-ng aware
application that you don't control and that's not a "public" application.

By "public" application I'm referring to apps such as tcpdump/WinDump,
Ethereal, Analyzer, etc. - I wouldn't expect public releases of those
applications to ever do anything with private blocks other than perhaps
passing them through unchanged, although people might have private
versions of those applications that would handle them - which, if it's
from a group other than the one adding the private block in question,
would be an application that they don't control.

E.g., if your group has two applications that both use a particular
private block, it's probably safe to let the files be read by both the
applications. However, letting people in a group that might have their
own applications using private blocks read those files - that's not safe.