[pcap-ng-format] Should we add the "ntartest.c" file and some sample pcapng files from the Wireshark Wiki pcapng page to the repository?

Alexis La Goutte alexis.lagoutte at gmail.com
Tue Aug 25 07:31:13 UTC 2015


On Tue, Aug 25, 2015 at 5:32 AM, Hadriel Kaplan <the.real.hadriel at gmail.com>
wrote:

> My 2 cents: I wouldn't mix it in with the draft-spec repo - you can
> always create another repo under the "pcapng" organization, and put a
> link in the README if need be.
>
+1 to creating a specific repo for ntartest (pcapngtest?)

>
> As for the "tool" itself, I think it's too simplistic, at least for
> verification. By the time you add all the details for each field and
> option, and do cross-verification of things like Interface-IDs and
> such, you might as well have just improved the recently-added pcapng
> format dissector in wireshark/tshark to add expert info for all the
> conditions. (I've been tempted to do just that, but I'm waiting for
> Michal Labedzki to upload a change he claims will make the current
> format dissector not look like such a hack)
>
> -hadriel
>
> On Mon, Aug 24, 2015 at 11:08 PM, Guy Harris <guy at alum.mit.edu> wrote:
> > The Wireshark Wiki page on pcapng:
> >
> >         https://wiki.wireshark.org/Development/PcapNg
> >
> > has an attachment "ntartest.c" that's a small test program to read pcapng files:
> >
> >         "ntartest - a simplistic standalone pcapng (ntar) file reader
> >
> >         Included below is the C source code to a very simplistic program to read and dump header information about a pcapng (a.k.a. ntar) file. This program has been successfully compiled using gcc and used on several different types of systems including Linux, cygwin and Solaris 9."
> >
> >         https://wiki.wireshark.org/Development/PcapNg?action=AttachFile&do=view&target=ntartest.c
> >
> > Should we add that to the pcapng repository?  We might want to work on it to turn it into not only a pcapng dumper but a pcapng *verifier*, in order to, for example, verify the output of software writing pcapng files, as was requested in this Wireshark Q&A entry:
> >
> >         https://ask.wireshark.org/questions/44966/how-to-verifycheck-pcapng-format
> >
> > We might also want to move some of the capture files attached to that Wireshark Wiki page to the repository for use as tests for pcapng readers.
> > _______________________________________________
> > pcap-ng-format mailing list
> > pcap-ng-format at winpcap.org
> > https://www.winpcap.org/mailman/listinfo/pcap-ng-format
>
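
As an added illustration of the kind of check the thread discusses (structural verification plus cross-checking Interface IDs), here is a small pcapng block walker. It is not ntartest.c or Wireshark code; the function name, error codes and the constructed sample bytes are assumptions made for this example, and it checks only block framing, the byte-order magic and Enhanced Packet Block interface IDs.

```c
#include <stddef.h>
#include <stdint.h>

enum { PCAPNG_OK = 0, ERR_TRUNCATED = -1, ERR_LENGTH = -2,
       ERR_NO_SHB = -3, ERR_BAD_MAGIC = -4, ERR_BAD_IFACE = -5 };
/* Constructed sample (little-endian): SHB, one IDB, one empty EPB on interface 0. */
const uint8_t SAMPLE[80] = {
    0x0A,0x0D,0x0D,0x0A, 0x1C,0,0,0, 0x4D,0x3C,0x2B,0x1A, 1,0,0,0,
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x1C,0,0,0,          /* SHB, 28 bytes */
    1,0,0,0, 0x14,0,0,0, 1,0,0,0, 0,0,0,0, 0x14,0,0,0,            /* IDB, 20 bytes */
    6,0,0,0, 0x20,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0x20,0,0,0 /* EPB */
};

/* Read a 32-bit field in the byte order of the current section. */
static uint32_t rd32(const uint8_t *p, int big)
{
    return big ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
               : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Walk every block in buf; return PCAPNG_OK or the first error found. */
int pcapng_verify(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int big = 0, have_shb = 0;
    uint32_t n_ifaces = 0;
    while (off < len) {
        if (len - off < 12) return ERR_TRUNCATED;   /* type + two length fields */
        const uint8_t *b = buf + off;
        uint32_t type = rd32(b, big);
        if (type == 0x0A0D0D0A) {                   /* Section Header Block (palindromic type) */
            uint32_t magic = rd32(b + 8, 0);
            if (magic != 0x1A2B3C4D && magic != 0x4D3C2B1A) return ERR_BAD_MAGIC;
            big = (magic == 0x4D3C2B1A);            /* byte-swapped magic: big-endian section */
            have_shb = 1;
            n_ifaces = 0;                           /* interface IDs restart per section */
        } else if (!have_shb) return ERR_NO_SHB;
        uint32_t total = rd32(b + 4, big);
        if (total < 12 || total % 4 != 0) return ERR_LENGTH;
        if (total > len - off) return ERR_TRUNCATED;
        if (rd32(b + total - 4, big) != total) return ERR_LENGTH; /* trailer must match */
        if (type == 1) n_ifaces++;                  /* Interface Description Block */
        else if (type == 6) {                       /* Enhanced Packet Block */
            if (total < 32) return ERR_LENGTH;      /* fixed EPB fields need 32 bytes */
            if (rd32(b + 8, big) >= n_ifaces) return ERR_BAD_IFACE;
        }
        off += total;
    }
    return have_shb ? PCAPNG_OK : ERR_NO_SHB;
}
```

Option parsing, per-field checks and the other block types are left out, which is the work the reply above says a real verifier would need.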