Network Trace Archival and Retrieval

I don't pay close enough attention to the Pcap mailing lists. While doing research on WinPcap, I learned of a new project hosted at the WinPcap site called Network Trace Archival and Retrieval (NTAR). The Web site says "the main objective of NTAR is to provide an extensible way to store and retrieve network traces to mass storage."

I found this post by NTAR developer Gianluca Varenni make the claim that NTAR is "a working prototype of a library that reads and writes the PCAP-NG format." PCAP-NG is a reference to the PCAP Next Generation Dump File Format as documented in an expired RFC Draft.

If you would like to learn more about NTAR, check out the NTAR-workers mailing list. Searches of the tcpdump-workers mailing list show references to PCAP-NG back in February 2005, although a search of the Ethereal-dev mailing list has a mention in October 2003!

Comments

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics