PCAPng Application

The PCAPng application is a GigaSMART parser application that reads the various blocks in the received PCAPng files and validates the blocks to be sent to the destination application or to the tools. The PCAPng file contains the following blocks:

  • Mandatory Blocks
    • Section Header Block (SHB)
  • Optional Blocks
    • Interface Description Block (IDB)
    • Enhanced Packet Block (EPB)
    • Simple Packet Block
    • Name Resolution Block
    • Interface Statistics Block

The actual packets are present in the Enhanced Packet Block. The block data is parsed to find the start and end offset of the valid packets and the packet is sent out to the next application.

Note:  Only one EPB in a PCAPng file is supported.

The PCAPng application processes the data depending on the packet type that contains a combination of the blocks mentioned above:

Block Combination

Process

SHB+IDB+EPB+data

Packets are parsed, validated, and the data packet is sent out.

SHB+IDB

Packets are dropped.

EPB+Data

Packets are parsed, validated, and the data packet is sent out.

The PCAPng application validates if the incoming data matches any of the above three formats in the same order, and processes the packets accordingly.

The following figure shows a sample PCAPng file format that contains one section header block: