[pcap-ng-format] Validating a multi-session implementation

Emery Hemingway emery at vfemail.net
Thu Apr 14 15:21:45 UTC 2016


Hello,

I'm working on a tcpdump-like utility and I would like
some advice on how to validate the dump file.

This one is a bit novel, it's for a microkernel-like
environment so it can be attached directly to a driver or
an application. The utility is aware of the application
attaching or detaching from the network (almost always
one attachment per process lifetime), so it seemed
natural to split these sessions into pcapng sessions.

My problem now is that my preferred viewer would be
Wireshark, but this does not support multiple sessions.

Is there an alternative to check my multisession files 
against? Is there a utility to split multisession files?

The code will be public after I do some testing and 
cleanup.


Cheers,
Emery
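
An added example, not part of the original message or of any project's code: a minimal Python check that walks the block framing of a pcapng file and splits it at each Section Header Block (pcapng's term for what the message calls a session). The helper names and the two-section sample are constructed for illustration.

```python
import struct

SHB_TYPE = 0x0A0D0D0A          # Section Header Block; reads the same in either byte order
BYTE_ORDER_MAGIC = 0x1A2B3C4D  # first SHB body field; fixes the section's endianness

def split_sections(data):
    """Check block framing; return one bytes object per section (SHB to next SHB)."""
    sections, start, pos, endian = [], 0, 0, None
    while pos < len(data):
        if len(data) - pos < 12:
            raise ValueError(f"truncated block at offset {pos}")
        is_shb = data[pos:pos + 4] == b"\x0a\x0d\x0d\x0a"
        if is_shb:
            # Each section declares its own byte order, so re-read it here.
            magic = data[pos + 8:pos + 12]
            if magic == struct.pack("<I", BYTE_ORDER_MAGIC):
                endian = "<"
            elif magic == struct.pack(">I", BYTE_ORDER_MAGIC):
                endian = ">"
            else:
                raise ValueError(f"bad byte-order magic at offset {pos}")
            if pos > start:
                sections.append(data[start:pos])
            start = pos
        elif endian is None:
            raise ValueError("file does not start with a Section Header Block")
        (total,) = struct.unpack_from(endian + "I", data, pos + 4)
        if total < (28 if is_shb else 12) or total % 4 or pos + total > len(data):
            raise ValueError(f"bad block length {total} at offset {pos}")
        # The total length is repeated at the end of every block.
        (trailer,) = struct.unpack_from(endian + "I", data, pos + total - 4)
        if trailer != total:
            raise ValueError(f"length trailer mismatch at offset {pos}")
        pos += total
    if endian is not None:
        sections.append(data[start:pos])
    return sections

# Constructed sample: two sections, each an SHB plus one Interface Description
# Block, the first little-endian and the second big-endian.
def make_block(btype, body, e):
    total = 12 + len(body)
    return struct.pack(e + "II", btype, total) + body + struct.pack(e + "I", total)

def make_section(e):
    shb = make_block(SHB_TYPE, struct.pack(e + "IHHq", BYTE_ORDER_MAGIC, 1, 0, -1), e)
    idb = make_block(1, struct.pack(e + "HHI", 1, 0, 65535), e)  # LINKTYPE_ETHERNET
    return shb + idb

SAMPLE = make_section("<") + make_section(">")
```

Because interface IDs are local to a section, each returned element can be written to its own file and opened as a single-section capture.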