Re: Proposed new pcap format

["Fulvio Risso" <fulvio.risso () polito it>]

> -----Original Message-----
> From: tcpdump-workers-owner () lists sandelman ca
> [mailto:tcpdump-workers-owner () lists sandelman ca]On Behalf Of Stephen
> Donnelly
> Sent: mercoledi 14 aprile 2004 4.38
> To: tcpdump-workers () lists tcpdump org
> Subject: Re: [tcpdump-workers] Proposed new pcap format
>
>
> Jefferson Ogata wrote:
> > Something keeps bugging me, and I just want to throw it out there for
> > the mad dogs to tear into little bloody pieces:
> >
> > Given all the desirable options people are looking for in this, and the
> > need for future growth, I think we should seriously consider an
> > XML-based format. Besides making it easy, format-wise, to include many
> > optional features and types of metadata, programs could also embed
> > decoded frame and protocol information in appropriate elements, right
> > within the capture file.
>
> > Yes, fully fledged decoded captures would use a lot of extra
> disk, but a
> > raw no-frills capture could be recorded with maybe only 50% or
> so overhead.
>
> 50% extra space and 50% extra disk bandwidth cost? So my 250
> Megabyte per second
> pcap stream to disk becomes 375MB/s?

No, more than 500 MB/s.
You have to trasform everything in ascii, so an 8bit value becomes a 2 bytes
ascii value.

        fulvio

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.