Comment by c0nsumer
21 hours ago
> The macOS-specific functionality in this very post has been available for years.
Can you provide a reference? From what I can see this dissection was only added about five months ago: https://gitlab.com/wireshark/wireshark/-/commit/389f6356c9d5...
(And just hit release with 4.6.0.)
And I know with certainty that it did not work when I wrote my previous blog post about this, back in 2021.
So, from what I can see, the specific functionality to dissect Darwin metadata in pcapng captures, from macOS' tcpdump, has not been "...available for years."
Without using Wireshark seems to be what they meant.