Re: [OPSAWG] PCAPNG standardisation
Jasper Bongertz <jasper@packet-foo.com> Thu, 17 July 2014 07:22 UTC
Return-Path: <jasper@packet-foo.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFFB21A0A95 for <opsawg@ietfa.amsl.com>; Thu, 17 Jul 2014 00:22:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 56jHZ3ZYShZ8 for <opsawg@ietfa.amsl.com>; Thu, 17 Jul 2014 00:22:46 -0700 (PDT)
Received: from mx1.synerity.com (mx1.synerity.com [81.209.179.65]) by ietfa.amsl.com (Postfix) with SMTP id 4FB061A0A9B for <OPSAWG@ietf.org>; Thu, 17 Jul 2014 00:22:43 -0700 (PDT)
Received: from proxy.surfnet.iacbox (Unknown [172.16.1.38]) by mx1.synerity.com ; Thu, 17 Jul 2014 09:13:54 +0200
Date: Thu, 17 Jul 2014 09:22:18 +0200
From: Jasper Bongertz <jasper@packet-foo.com>
X-Priority: 3 (Normal)
Message-ID: <364600168.20140717092218@packet-foo.com>
To: Benoit Claise <bclaise@cisco.com>
In-Reply-To: <53C69A6B.1020604@cisco.com>
References: <36334903-3B26-41FA-A9AE-35B5F74F88AC@lurchi.franken.de> <52D6582A-1740-4601-9ABC-FFCCC3847461@lurchi.franken.de> <53C69A6B.1020604@cisco.com>
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="----------0621D61A3313FF4E6"
Archived-At: http://mailarchive.ietf.org/arch/msg/opsawg/kjuSWWrFxsbG7bZkuI955Y6pJxE
X-Mailman-Approved-At: Thu, 17 Jul 2014 02:40:33 -0700
Cc: OPSAWG@ietf.org, Fulvio Risso <fulvio.risso@polito.it>, Guy Harris <guy@alum.mit.edu>
Subject: Re: [OPSAWG] PCAPNG standardisation
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Jasper Bongertz <jasper@packet-foo.com>
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jul 2014 07:25:17 -0000
Hi Benoit, libpcap is a very basic format that can be used to store network packet contents together with a very limited set of meta information, mostly timestamps and length information. More recent packet captures often require storing additional meta information, like the number of packets that could not be captured for performance reasons, lists of interfaces that the capture was performed on, name resolution tables that allow displaying FQDNs instead/together with IPs in network analysis solutions like Wireshark, comments and annotations of packets, etc. PCAPng does allow storing this kind of information and is designed to be extensible. Cheers, Jasper Wednesday, July 16, 2014, 5:29:47 PM, you wrote: > Hi Michael, > You wrote: > One of the most accepted packet interchange > formats is the one defined by libpcap, which is rather old and is > lacking in functionality for more modern applications particularly > from the extensibility point of view. > Can you please expand. > Regards, Benoit >> On 26 Jun 2014, at 19:29, Michael Tuexen <Michael.Tuexen@lurchi.franken.de> wrote: >> >>> Dear all, >>> >>> I have submitted an ID describing the default packet format format >>> used by Wireshark for saving capture files: >>> http://www.ietf.org/internet-drafts/draft-tuexen-opswg-pcapng-00.txt >> Wrong name... Use >> http://www.ietf.org/internet-drafts/draft-tuexen-opsawg-pcapng-00.txt >>> Is there any interest in the WG to work on this and improve it? >>> >>> Any comments are welcome! >>> >>> Best regards >>> Michael >>> >>> _______________________________________________ >>> OPSAWG mailing list >>> OPSAWG@ietf.org >>> https://www.ietf.org/mailman/listinfo/opsawg >>> >> _______________________________________________ >> OPSAWG mailing list >> OPSAWG@ietf.org >> https://www.ietf.org/mailman/listinfo/opsawg >>
- [OPSAWG] PCAPNG standardisation Michael Tuexen
- Re: [OPSAWG] PCAPNG standardisation Michael Tuexen
- Re: [OPSAWG] PCAPNG standardisation Benoit Claise
- Re: [OPSAWG] PCAPNG standardisation Michael Tuexen
- Re: [OPSAWG] PCAPNG standardisation Jasper Bongertz