[Winpcap-users] new winpcap file format, saving also custom data ?

Tecnowatt - Massimo Sala massimo.sala at tecnowatt.com
Tue May 30 07:17:32 GMT 2006


Gianluca> That's exactly the purpose of pcap-ng: allowing apps to save 
packets as well
Gianluca> as other information into the file.


Massimo>> The idea: add a few APIs to Winpcap, for example
Massimo>> int pcap_file_add_record(pcap_t *adhandle, unsigned char 
*pkt_data)
Massimo>> to save in the current dump file the application custom data.


Gianluca> Uhm, what about older applications, that do not know about this 
new flag?
Gianluca> They will try to interpret the OOB data as a packet...


Gianluca, thanks for your fast answer.

>From your explanations, the new pcap-ng file format seems to be a huge and 
far-in-time work.
What about modify slightly the current file format to allow for custom 
packets ?

About older applications, we can use some "trick", for example mark the 
custom packets with a specific value in the Ethernet protocol file.
It isn't very polite, but I think it is easy and quick to do.

Moreover I think that
- my application save these data, it can also decode them;
- if I exchange my ACP dump files with custom data with 
non-custom-data-aware applications, I have to know what I am doing...

I know, I am bringing the water to my watermill, but perhaps this feature - 
take all the session information inside only one file - can be useful for 
many applications.

Just my two cents,
Massimo



More information about the Winpcap-users mailing list