Home page logo
/

wireshark logo Wireshark mailing list archives

Enhanced PCAP-NG dissection
From: Brandon Carpenter <hashstat () pnnl gov>
Date: Wed, 17 Apr 2013 11:11:29 -0700

I just posted a patch to improve dissection of PCAP-NG captures. Below is the introductory paragraph describing the issues the patch addresses. See Bug 8590 <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8590> for more information and for the patch. I am looking forward to feedback.

The current processing of PCAP-NG has limitations that are addressed by the attached patches. First, dissection of the PCAP-NG blocks is occurring in the wiretap library instead of the wireshark library where dissection errors are less likely to cause problems. Second, it is difficult to present any data other than real packet data to the dissection engine. Third, multiple section header blocks are not supported. Finally, there is no way to add additional block types and/or options via a plug-in dissector.

Thank you,

Brandon Carpenter

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]