mwcorley wrote:
Currently there are features for automated protocol
decoding, non linear capture facilities for random access and modified binary
searching through savefiles,
Note that libpcap has to be able to work on non-seekable input streams,
such as pipes, so it can't *require* random access
mwcorley wrote:
I think a patch would be cool. It shouldn't be very difficult if using zlib.
When you get a chance, open savefile.c of the libpcap source. There is a
routine: sf_next_packet(). Pretty much all packet content capture for
savefiles is through that method. Essentially, I replaced a
