On Apr 4, 2025, at 11:29 AM, Michael Richardson wrote:
> I can't recall if we can read pcapng.
libpcap - and thus programs, such as tcpdump, that use libpcap to read capture
files - can read some pcapng files, as long as the current libpcap API can
handle them. That's been the case since libp

Mahesh V wrote:
> I would like to know if
> 1) tcpdump can write pcapng format (instead of just pcap)
Not yet.
> 3) read it later on. (I believe this functionality is available today or
> alternatively even wireshark would be ok to do this for me)
> Is this functionality ava

On Apr 4, 2025, at 10:22 AM, Mahesh V wrote:
> I would like to know if
> 1) tcpdump can write pcapng format (instead of just pcap)
Currently, no. tcpdump uses libpcap to read and write capture files, and
libpcap doesn't yet support writing pcapng.
> 2) Accept per packet comments from the kern

Hello Folks,
This is my first post.
I would like to know if
1) tcpdump can write pcapng format (instead of just pcap)
2) Accept per packet comments from the kernel and write them along with the
packet
into the pcapng file (if so, how do we pack the comments from kernel
coming from the raw sock