On Sat, Nov 03, 2001 at 05:10:36PM +0100, Fulvio Risso wrote:
> In case you should decide for this proposal, I suggest to insert also some
> counters (packets captured, packets dropped, ...) in the file header.

Yes, statistics should be put in the file. Putting them in the header, however, means you can't write a capture file to a UNIX pipe (and probably not to a Windows pipe, either), as it means you have to seek backwards in the file and rewrite it.

Snoop format (RFC 1761) puts a cumulative packet drop count in the header of each record (because that's what SunOS 5.x's "bufmod" STREAMS module puts in the header of each packet).

Microsoft Network Monitor has its own private Ethernet type value, which it uses for information it inserts into capture files; it uses this to put packet statistics at the *end* of a capture.

-
This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
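
The per-record approach described in the message above, as an added example that is not part of the original message and is not tcpdump, libpcap or snoop code: a writer emits RFC 1761 snoop records, each carrying the cumulative drop count, through an OS pipe, and a reader recovers the totals from a purely sequential read. The function names are hypothetical and the sample packets are constructed.

```python
import os
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"
FILE_HDR = struct.Struct(">8sII")   # ident, version, datalink type
REC_HDR = struct.Struct(">IIIIII")  # orig len, incl len, record len, cumulative drops, sec, usec

# Constructed sample: (packet bytes, packets dropped since the previous one, sec, usec)
SAMPLE = [(b"\xaa" * 60, 0, 1004803836, 0),
          (b"\xbb" * 61, 2, 1004803836, 500),
          (b"\xcc" * 64, 5, 1004803837, 10)]

def write_snoop(out, events):
    """Write forward only: each record carries the running drop total."""
    out.write(FILE_HDR.pack(SNOOP_MAGIC, 2, 4))  # version 2, datalink 4 = Ethernet
    drops = 0
    for pkt, dropped, sec, usec in events:
        drops += dropped
        pad = -len(pkt) % 4  # records are padded to a 4-octet boundary
        rec_len = REC_HDR.size + len(pkt) + pad
        out.write(REC_HDR.pack(len(pkt), len(pkt), rec_len, drops, sec, usec))
        out.write(pkt + b"\x00" * pad)

def read_snoop_stats(inp):
    """Return (packets captured, cumulative drops) from a sequential read."""
    ident, version, _ = FILE_HDR.unpack(inp.read(FILE_HDR.size))
    if ident != SNOOP_MAGIC or version != 2:
        raise ValueError("not a snoop version 2 file")
    captured = drops = 0
    while hdr := inp.read(REC_HDR.size):
        if len(hdr) < REC_HDR.size:
            raise ValueError("truncated record header")
        _, incl, rec_len, drops, _, _ = REC_HDR.unpack(hdr)
        body_len = rec_len - REC_HDR.size
        if body_len < incl or len(inp.read(body_len)) != body_len:
            raise ValueError("bad record length or truncated record")
        captured += 1
    return captured, drops

def pipe_round_trip(events):
    """Send a capture through an OS pipe; report seekability and stats."""
    r, w = os.pipe()
    with os.fdopen(w, "wb") as out:
        seekable = out.seekable()  # False on a pipe: no header rewrite possible
        write_snoop(out, events)
    with os.fdopen(r, "rb") as inp:
        return seekable, read_snoop_stats(inp)

if __name__ == "__main__":
    print(pipe_round_trip(SAMPLE))
```

The reader rejects a record whose declared length is smaller than its included packet length or whose body is cut short, so a truncated pipe stream is reported rather than silently yielding a stale drop count.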
