On Sun, 2005-08-28 at 17:00 -0500, Bill Meier wrote:
> Patches below are for netxray.c
>
> 1. Use the new (good work!) 'nanosec' precision only for gig pods;
Cool!
> 2. Rework 'struct netxray_hdr' to make it (somewhat) easier
> to maintain and revise:
> a. Declare known hdr fields such as 'captype' instead
> of using offsets in 'xxx placeholder' fields.
This makes sense...
> d. Define 'unknown' hdr fields using placeholder names
> based upon hex-offset in the netxray header record.
> (This isn't perfect, but I hope it will make things
> more manageable).
This will help when working on it....
> 3. Update hdr field info (based upon examination of various
> capture files):
> a. Define a hdr field which appears to be 'time-zone'
> [offset in hours from UTC] for the machine doing
> the capture.
> (Maybe this field can eventually be used for Ethereal
> to display the (local) time as it was at the time
> of the capture).
> b. Describe certain hdr fields as being "file offsets"
> (although the exact use is still unclear).
>
> Comments are welcome.
>
> Bill Meier
>
Good work on this stuff.....
Kevin
---------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!