Re: [tcpdump-workers] Multifile patch

[Michael Richardson]

Wesley, it seems like a good idea.
I can't look at your patch from the cottage, since I squirt out bits
only once a day by walking down the road to where there is some wifi.

Since pcap files have no end of file marker, and each file
has a header on it, do you look at the beginning of each packet, and see
if there is a pcap magic number?

(pcap-ng doesn't have this problem, and I appologize to the pcap-ng
folks for how long it's taken to move towards it)

-- 
Michael Richardson
-at the cottage-


   

pgppR8HF1tLLx.pgp
Description: PGP signature
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Re: [tcpdump-workers] Multifile patch

[Wesley Shields]

On Tue, Aug 21, 2012 at 08:36:12PM -0400, Michael Richardson wrote:
> 
> Wesley, it seems like a good idea.
> I can't look at your patch from the cottage, since I squirt out bits
> only once a day by walking down the road to where there is some wifi.

No worries, I'm in no rush on this. Enjoy your time away from the
internet.

> Since pcap files have no end of file marker, and each file
> has a header on it, do you look at the beginning of each packet, and see
> if there is a pcap magic number?

I'm not sure I'm parsing this right but...

I am using pcap_open_offline() on each file, which should be validating
that I'm operating on a pcap file. I also check to ensure that the DLT
of every subsequent file matches the DLT of the first file when using
this option in conjunction with -w, since we don't want to generate one
output file with multiple input DLTs.

-- WXS
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers