Attached is splitcap, a program for splitting capture files into
separate files.
It can interpret the following protocols:
Layer 2: Ethernet, 802.3, FDDI, Token Ring, Linux cooked mode.
Layer 3: IPv4, IPv6.
Layer 4: TCP, UDP.
I have no plans at present to add more protocols.
There are a couple of issues:
1. I haven't been able to test the support (meaning "skipping over
them") for the IPv6 extension headers specified in RFC 2460
(Hop-by-Hop Options, Routing (Type 0), Fragment and Destination
Options). If anyone could test splitcap with these headers, and/or
provide a sample capture file, that would be great. Also, we need
to check that splitcap gracefully handles fragmented IPv6 packets
when splitting by TCP/UDP port number (see the BUGS section of the
man page).
2. I nicked the definition of TIME_T_MAX from packet-smb.c. This
splendid preprocessor code should go into a .h file somewhere,
but I haven't given any thought as to where.
I haven't included updates for the following files/directories:
Makefile.nmake
doc/Makefile.nmake
README.win32
debian/
image/
packaging/nsis/
Enjoy.
Graeme Hewson
Attachment:
splitcap.tar.gz
Description: application/gzip
