[pcap-ng-format] Should we add the "ntartest.c" file and some sample pcapng files from the Wireshark Wiki pcapng page to the repository?

Guy Harris guy at alum.mit.edu
Tue Aug 25 03:53:20 UTC 2015


On Aug 24, 2015, at 8:32 PM, Hadriel Kaplan <the.real.hadriel at gmail.com> wrote:

> As for the "tool" itself, I think it's too simplistic, at least for
> verification. By the time you add all the details for each field and
> option, and do cross-verification of things like Interface-IDs and
> such, you might as well have just improved the recently-added pcapng
> format dissector in wireshark/tshark to add expert info for all the
> conditions.

...and taken that dissector and turned it into a standalone verifying tool, for the benefit of those who, for whatever reason - whether we deem it legitimate or not - want a standalone tool rather than having to use Wireshark/TShark as such a tool.

(Yes, I think it would be a good thing to have a verifier that's independent of libpcap's pcapng-reading code, Wireshark's pcapng-reading code, and Wireshark's pcapng-file-dissecting code.  So perhaps adding all the details would be a good thing, *even if it duplicates Michał's efforts*.  Sometimes duplication of effort is a Good Thing, especially when it comes to interoperability in a world where we expect duplicate implementations to exist, and this is such a world - I don't expect every packet sniffer either to use libpcap's code or to use Wireshark's code, especially not third-party commercial products.)
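
As an added illustration of the kind of independent check discussed in this message (not part of the original post, and not code from ntartest.c, libpcap or Wireshark): a small Python verifier that walks pcapng blocks, checks the leading and trailing Block Total Length, and cross-checks each Enhanced Packet Block's Interface ID against the Interface Description Blocks seen so far in the section. The function names and the sample captures are constructed for this example.

```python
import struct

SHB, IDB, EPB, MAGIC = 0x0A0D0D0A, 0x00000001, 0x00000006, 0x1A2B3C4D

def block(btype, body, e="<"):
    """Build one block for the constructed samples: type, length, body, length."""
    total = 12 + len(body)
    return struct.pack(e + "II", btype, total) + body + struct.pack(e + "I", total)

def verify_pcapng(data):
    """Return (offset, message) findings; an empty list means nothing was flagged."""
    findings, off, e, n_ifaces = [], 0, None, 0
    while off < len(data):
        if len(data) - off < 12:
            findings.append((off, "truncated block"))
            break
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":  # SHB type reads the same in both byte orders
            magic = data[off + 8:off + 12]
            e = {struct.pack("<I", MAGIC): "<", struct.pack(">I", MAGIC): ">"}.get(magic)
            n_ifaces = 0  # Interface IDs restart in every section
        if e is None:
            findings.append((off, "no valid Section Header Block / byte-order magic"))
            break
        btype, total = struct.unpack_from(e + "II", data, off)
        # The trailing copy of the length must exist inside the file and match the leading one.
        if total < 12 or total % 4 or data[off + total - 4:off + total] != struct.pack(e + "I", total):
            findings.append((off, f"bad or mismatched Block Total Length {total}"))
            break
        body = data[off + 8:off + total - 4]
        if btype == EPB and len(body) >= 20:
            iface, _, _, caplen, _ = struct.unpack_from(e + "5I", body)
            if iface >= n_ifaces:
                findings.append((off, f"EPB references undefined Interface ID {iface}"))
            if 20 + ((caplen + 3) & ~3) > len(body):  # packet data is padded to 32 bits
                findings.append((off, f"EPB captured length {caplen} exceeds block"))
        elif btype == EPB:
            findings.append((off, "EPB shorter than its fixed fields"))
        elif btype == IDB:
            n_ifaces += 1
        off += total
    return findings

# Constructed samples (not the files from the Wireshark wiki): SHB + one IDB + one EPB.
HEAD = (block(SHB, struct.pack("<IHHq", MAGIC, 1, 0, -1))
        + block(IDB, struct.pack("<HHI", 1, 0, 65535)))
def epb(iface, pkt=b"\x00" * 8):
    return block(EPB, struct.pack("<5I", iface, 0, 0, len(pkt), len(pkt)) + pkt)
GOOD, BAD = HEAD + epb(0), HEAD + epb(1)
```

`verify_pcapng(GOOD)` returns an empty list, while `verify_pcapng(BAD)` reports the Enhanced Packet Block at offset 48 that names an interface no Interface Description Block defined.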

