[pcap-ng-format] Addition of new content
Michael Haney
michael-haney at utulsa.edu
Fri Sep 4 13:41:17 UTC 2015
On September 4, 2015 2:05:35 AM MDT, Guy Harris <guy at alum.mit.edu> wrote:
>
>On Sep 3, 2015, at 10:23 PM, Michael Haney <michael-haney at utulsa.edu>
>wrote:
>
>> > capinfos network-tap.pcapng
>> capinfos: Can't open network-tap.pcapng: The file isn't a capture
>file in a known format
>
>That's the wrong report - it *should* have said that it was a pcapng
>file with an unsupported *version*.
>
>Which version of capinfos was that?
>
capinfos from the wireshark-dev package on Ubuntu 14.04-lts.
Wireshark v1.10.6.
>
>> In my mind, adding additional blocks, while keeping all the v1.0
>blocks well-formed, should be indicated by some kind of version change
>
>So any time anybody creates a private block type or a custom block
>type, the version number should be changed?
>
Yep, I agree. v1.0 allows for custom and private blocks, and I'm
creating a v1.0 compatible file. It's not the same as application
version numbers with additional features. I see that more clearly
now. I guess I was assuming v1.1 would be only an extension of v1.0
with new block types, and not a correction or change of an existing
block type. That would clearly make a difference in how tools try to
process files.
More information about the pcap-ng-format
mailing list