On Jan 10, 2012, at 3:51 PM, Troy Coulombe wrote:
> With the recent release of 1.6.5, I was wondering if anyone was using PCAP-NG & a compatible version of Wireshark?
"A compatible version of Wireshark" would either be "a version of Wireshark that can read pcap-NG files" or "a version of Wireshark that, when capturing, can capture into a pcap-NG file", depending on what you mean by "using PCAP-NG".
> If so, is there a binary release for Win-XP of that?
1.6.5 can read pcap-NG files (the first release of Wireshark with pcap-NG support, including support for capturing into a pcap-NG file, was 1.2.0), and there is a binary release of 1.6.5.
> Do any of the developers know if PCAP-NG is still active? The last web status shows 27-Jul-2009 L
> http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
There might not have been many requests for additions to the pcap-NG format, although I did send some mail noting that the spec needs to clarify whether the UTF-8 strings in various options are supposed to be null-terminated as well as counted, and haven't received a reply yet.
> Maybe this is just a matter of keeping my Wireshark 1.6.5 & upgrading PCAP to PCAP-NG?
If by "upgrading PCAP to PCAP-NG" - "PCAP" and "PCAP-NG" aren't pieces of software that you'd update in that sense, they're file formats - you mean "selecting pcap-NG format when you're capturing", that should work.
