> I'd prefer to also have a flag to say if this segment was received or
> transmitted - I've never liked inferring that information from the
> identity of the source/dest. addresses. It then makes it impossible to
> sensibly analyse the file if you don't know the underlying networking
> configuration, as may well be the case for .pcap(ng) files copied from
> one machine to another.
This is even more important when people use pcap file formats for
things like SS7 (telephone signalling) where you might be monitoring
sixteen (or even more) bidirectional 64k signalling links and need to
know precisely which of the 32+ data flows being monitored each packet
came from (ie the SS7 pointcodes and SLC of each link).
David
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
