BTW, I think you should propose these as new IDB options on the
pcapng-format mailing list. They're obviously generally useful things
to have in the file, no matter how wiretap is implemented.
-hadriel
On Mon, Aug 31, 2015 at 2:43 PM, Guy Harris wrote:
>
> We might also have to add new options
On Aug 31, 2015, at 2:56 PM, Hadriel Kaplan wrote:
> On Mon, Aug 31, 2015 at 2:43 PM, Guy Harris wrote:
>>
>> For example, in bug 4221
>>
>>https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4221
>>
>> Paul Long of Microsoft says that we discard interface information in Network
>>
On Mon, Aug 31, 2015 at 2:43 PM, Guy Harris wrote:
>
> For example, in bug 4221
>
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4221
>
> Paul Long of Microsoft says that we discard interface information in Network
> Monitor files *and* that, ideally, the NetMon record containing i
On Aug 31, 2015, at 6:05 AM, Hadriel Kaplan wrote:
> Howdy,
> I'd like to modify tshark/wireshark/etc., to fully handle the pcapng
> file format.
>
> But to do that, wiretap needs to be changed in a non-trivial fashion.
>
> So instead of enumerating all the changes I propose to make to wiretap
Howdy,
I'd like to modify tshark/wireshark/etc., to fully handle the pcapng
file format.
But to do that, wiretap needs to be changed in a non-trivial fashion.
So instead of enumerating all the changes I propose to make to wiretap
in an email, I've created a page on the wiki to describe my proposa
