[pcap-ng-format] [OPSAWG] comments/edits on pcapng
Michael Richardson
mcr+ietf at sandelman.ca
Thu Nov 12 16:31:54 UTC 2015
Warren Kumari <warren at kumari.net> wrote:
> The IETF is traditionally not very good at formats and such, but I'm
> game to try progress it under OpsAWG. W
On Sunday at the ETSI 6lo plugfest Dominique Barthel described to me a way
that the IOT-Lab is using *pcap* (with custom LINKTYPE_USR0...) in a
syslog/MILE/INCH-like way, except that they are debug events rather than
security events. Interspersed with packets that were actually captured and
caused the debug... viewable in wireshark.
PCAP files already travel over TCP and SSH connections between collectors and
analyzers... so it's not just a format at rest anymore.
I am not subscribed to the opsawg list, I'm sure.
--
Michael Richardson <mcr+IETF at sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
URL: <http://www.winpcap.org/pipermail/pcap-ng-format/attachments/20151112/c709cce6/attachment.pgp>
More information about the pcap-ng-format
mailing list