Benn,
regarding the NTAR project (i.e. the only implementation of the pcap-ng
"wannabe" spec so far) that I "maintain", I've been pretty busy in the last
year or so, thus not being able to work on it. The project is not dead at
all, I'm simply giving priority to other tasks...
As far as the integration with wireshark is concerned, technically speaking
there is one big feature missing from NTAR that is needed by wireshark, that
is seeking within a file.
I started working on it during the xmas holidays, but I haven't come out
with a definitive API for it. The main problem I'm having is the hierarchy
of the file (packets are embedded in blocks which are grouped into sections)
that make everything much more complicated. I plan to work on it in the
upcoming weeks and post something on the NTAR website as soon as possible.
I think that the wireshark devs have a great interest in moving to pcap-ng
as the standard trace format (being it through NTAR or reimplementing the
spec), I have no idea where this task sits within the Wireshark roadmap, and
if this task would fit before or after the 1.0 milestone.
Have a nice day
GV
----- Original Message -----
From: "Benn Bollay" <benn@xxxxxx>
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Wednesday, January 10, 2007 2:27 PM
Subject: [Wireshark-dev] Is pcap-ng/ntar still in roadmap?
Hello all -
Is the next-gen pcap format still in the roadmap at all? I've heard
nothing about it for ages; there doesn't seem to be any discussions, nor
any implemention details for well over a year now.
I'm trying to decide whether I should hack-up the libpcap format or
spend more development effort and move entirely to something else.
Cheers,
--Benn
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
