Hello Folks,
This is my first post.
I would like to know if
1) tcpdump can write pcapng format (instead of just pcap)
2) Accept per packet comments from the kernel and write them along with the
packet
into the pcapng file (if so, how do we pack the comments from kernel
coming from the raw socket to tcpdump in user space)
3) read it later on. (I believe this functionality is available today or
alternatively even wireshark would be ok to do this for me)
Is this functionality available today or do we need to build it?
thanks in advance
On Fri, Apr 4, 2025 at 10:41 PM Mahesh V <maheshvenkateshwa...@gmail.com>
wrote:
> Hello Folks,
> This is my first post.
> I would like to know if
> 1) tcpdump can write pcapng format (instead of just pcap)
> 2) Accept per packet comments from the kernel and write them along with
> the packet
> into the pcapng file (if so, how do we pack the comments from kernel
> coming from the raw socket to tcpdump in user space)
> 3) read it later on. (I believe this functionality is available today or
> alternatively even wireshark would be ok to do this for me)
> Is this functionality available today or do we need to build it?
>
> thanks in advance
>
_______________________________________________
tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org
To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
