[pcap-ng-format] Should we add the "ntartest.c" file and some sample pcapng files from the Wireshark Wiki pcapng page to the repository?

Hadriel Kaplan the.real.hadriel at gmail.com
Tue Aug 25 03:32:56 UTC 2015


My 2 cents: I wouldn't mix it in with the draft-spec repo - you can
always create another repo under the "pcapng" organization, and put a
link in the README if need be.

As for the "tool" itself, I think it's too simplistic, at least for
verification. By the time you add all the details for each field and
option, and do cross-verification of things like Interface-IDs and
such, you might as well have just improved the recently-added pcapng
format dissector in wireshark/tshark to add expert info for all the
conditions. (I've been tempted to do just that, but I'm waiting for
Michal Labedzki to upload a change he claims will make the current
format dissector not look like such a hack.)

-hadriel

On Mon, Aug 24, 2015 at 11:08 PM, Guy Harris <guy at alum.mit.edu> wrote:
> The Wireshark Wiki page on pcapng:
>
>         https://wiki.wireshark.org/Development/PcapNg
>
> has an attachment "ntartest.c" that's a small test program to read pcapng files:
>
>         "ntartest - a simplistic standalone pcapng (ntar) file reader
>
>         Included below is the C source code to a very simplistic program to read and dump header information about a pcapng (a.k.a. ntar) file. This program has been successfully compiled using gcc and used on several different types of systems including Linux, cygwin and Solaris 9."
>
>         https://wiki.wireshark.org/Development/PcapNg?action=AttachFile&do=view&target=ntartest.c
>
> Should we add that to the pcapng repository?  We might want to work on it to turn it into not only a pcapng dumper but a pcapng *verifier*, in order to, for example, verify the output of software writing pcapng files, as was requested in this Wireshark Q&A entry:
>
>         https://ask.wireshark.org/questions/44966/how-to-verifycheck-pcapng-format
>
> We might also want to move some of the capture files attached to that Wireshark Wiki page to the repository for use as tests for pcapng readers.
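The cross-verification of Interface IDs mentioned in the reply above, as an added example (not code from this thread, from ntartest.c or from Wireshark): a minimal structural checker that validates block lengths and confirms every Enhanced Packet Block refers to an Interface Description Block already seen in its section. The names `verify_pcapng`, `block`, `HEAD`, `SAMPLE_OK` and `SAMPLE_BAD` are hypothetical, and the sample bytes are constructed.

```python
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006   # block type codes
BOM = 0x1A2B3C4D                                      # byte-order magic

def verify_pcapng(data):
    """Return (offset, message) findings; an empty list means none found."""
    findings, off, endian, n_ifaces = [], 0, None, 0
    while off < len(data):
        if len(data) - off < 12:
            findings.append((off, "truncated block"))
            break
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":  # SHB type is a byte palindrome
            magic = data[off + 8:off + 12]
            endian = {struct.pack("<I", BOM): "<", struct.pack(">I", BOM): ">"}.get(magic)
            n_ifaces = 0                              # Interface IDs restart per section
        if endian is None:
            findings.append((off, "no valid Section Header Block / byte-order magic"))
            break
        btype, blen = struct.unpack_from(endian + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            findings.append((off, f"invalid block total length {blen}"))
            break
        if struct.unpack_from(endian + "I", data, off + blen - 4)[0] != blen:
            findings.append((off, "leading and trailing block lengths differ"))
        if btype == IDB:
            n_ifaces += 1
        elif btype == EPB:
            if blen < 32:
                findings.append((off, "Enhanced Packet Block too short"))
            elif struct.unpack_from(endian + "I", data, off + 8)[0] >= n_ifaces:
                findings.append((off, "EPB Interface ID has no matching IDB in this section"))
        off += blen
    return findings

def block(btype, body):
    """Build one little-endian block (helper for the constructed samples)."""
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

# Constructed sample: SHB, one IDB (Ethernet), one empty EPB on interface 0.
HEAD = block(SHB, struct.pack("<IHHq", BOM, 1, 0, -1)) + block(IDB, struct.pack("<HHI", 1, 0, 65535))
SAMPLE_OK = HEAD + block(EPB, struct.pack("<5I", 0, 0, 0, 0, 0))
# Same file, but the EPB names interface 1, which was never described.
SAMPLE_BAD = HEAD + block(EPB, struct.pack("<5I", 1, 0, 0, 0, 0))

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, verify_pcapng(sample))
```

It checks structure only; per-option validation, the other part of the work the reply describes, is not covered.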
