Our great sponsors
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
> I mentioned really briefly that tcpdump lets you save pcap files. This is awesome because literally every network analysis tool in the universe understands pcap files. pcap files are like freshly baked chocolate chip cookies. Everybody loves them.
OMG, yes, very well put. When I get a bug report with a pcap file I know I'll be able to know exactly what happened.
Speaking of which: for one of my libraries, I want to make a diagnostic tool that replays an interaction. My library mostly operates at the TCP level (also some UDP), so I need to reconstruct the TCP flows in my tool to feed to my library. Either I need an easy-to-use Rust library to do that directly from pcap files [1] or some format that represents bytes moving over the flow (like sets of lines with a timestamp, flow id, and pretty hexdump of the bytes) with a tool that produces it from pcap. This seems like something that should exist? Wireshark's “Analyze > Follow > TCP Stream”’s “Save As…” with "hex dump" is kind of what I want, but it doesn't have timestamps, and it doesn't have a way to put everything (multiple flows, UDP packets also) in one file.
[1] https://crates.io/crates/pnet looks promising but it wasn't as obvious as I hoped how to plug it in for what I want.
> where: timestamp is an optional timestamp of the time that the first packet was seen
https://github.com/simsong/tcpflow/blob/master/doc/tcpflow.1...
.B t