[pcap-ng-format] Proposal for new "custom" option codes

Hadriel Kaplan the.real.hadriel at gmail.com
Wed Jul 22 19:26:56 UTC 2015


On Wed, Jul 22, 2015 at 2:37 PM, Jasper Bongertz <jasper at packet-foo.com> wrote:
>
> ... A file should not contain IDBs
> that are not referenced by at least one output packet.

Why not?


> Also, you may want to merge identical IDBs in multiple input files
> into a single IDB in the output file, which is easy for Windows
> captures because interface names are based on GUIDs and a game of
> chance for all other captures.

Yeah there've been several issues raised with that for mergecap so
far, and one abandoned code change as well. [1]

I'm not sure it's worth doing, but couldn't libpcap/whatever in theory
manufacture a GUID for each interface, that remains consistent even if
libpcap or the operating system is upgraded/uninstalled-reinstalled?
(like for example based on the hash of the MAC Address and interface
info strings)  It doesn't have to be perfectly globally unique - just
reasonably globally unique.

-hadriel

[1] https://code.wireshark.org/review/#/c/6983/
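
The idea in the message above, sketched as an added example (not code from this thread, libpcap or mergecap): derive a repeatable interface ID by hashing the MAC address and interface info strings, then use it to merge identical interfaces from several input files and remap their indexes. The namespace value, the function names and the simplified dict layout standing in for IDB contents are assumptions made for illustration, and a name-based UUID (version 5, SHA-1) stands in for "the hash".

```python
import uuid

# Assumption: a namespace chosen for this example only; no pcapng
# specification or libpcap release defines one.
IFACE_NAMESPACE = uuid.uuid5(uuid.NAMESPACE_DNS, "iface-id.example.invalid")


def normalize_mac(mac: str) -> str:
    """Canonicalize a MAC address so formatting differences do not change the ID."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def interface_id(mac: str, name: str, description: str = "") -> uuid.UUID:
    """Derive a repeatable (reasonably, not perfectly, unique) interface ID."""
    # NUL separators keep ("eth", "0x") distinct from ("eth0", "x").
    material = "\x00".join([normalize_mac(mac), name.strip(), description.strip()])
    return uuid.uuid5(IFACE_NAMESPACE, material)


def merge_interfaces(files):
    """Merge per-file interface lists (dicts with mac, name, description).

    Returns (merged, remap); remap[(file_index, old_index)] is the index of
    that interface in merged, so packets can be pointed at the merged entry.
    """
    merged, index_by_id, remap = [], {}, {}
    for f_idx, idbs in enumerate(files):
        for i_idx, idb in enumerate(idbs):
            key = interface_id(idb["mac"], idb["name"], idb.get("description", ""))
            if key not in index_by_id:
                index_by_id[key] = len(merged)
                merged.append({**idb, "id": str(key)})
            remap[(f_idx, i_idx)] = index_by_id[key]
    return merged, remap


# Constructed sample input: two capture files that share one interface.
FILE_A = [{"mac": "00:1A:2B:3C:4D:5E", "name": "eth0", "description": "uplink"}]
FILE_B = [
    {"mac": "00-1a-2b-3c-4d-5e", "name": "eth0", "description": "uplink"},
    {"mac": "00:1a:2b:3c:4d:5f", "name": "eth1", "description": "lab"},
]

if __name__ == "__main__":
    print(merge_interfaces([FILE_A, FILE_B]))
```

The ID is only as stable as its inputs: a changed or randomized MAC address, or a renamed interface, produces a different ID and the interfaces will no longer merge.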

