On Dec 29, 2010, at 7:59 PM, Mathew Rowley wrote:
> I have been debugging why libpcap is unable to sniff packets in pcaprub (of
> Metasploit) and have found a few things. Maybe some of you can enlighten me.
>
> 1. With this sample source - if the timeout variable is 0 in pcap_open_live,
> cap
I have been debugging why libpcap is unable to sniff packets in pcaprub (of
Metasploit) and have found a few things. Maybe some of you can enlighten me.
1. With this sample source - if the timeout variable is 0 in pcap_open_live,
capturing does not work. Setting to >0 allows things to work.
2.
On Dec 28, 2010, at 8:23 PM, Gianluca Varenni wrote:
> This is what PPI does.
>
> http://www.cacetech.com/documents/PPI%20Header%20format%201.0.10.pdf
That document misspells "linktype" as "dlt". :-)
DLT_ values are platform-dependent; there is no guarantee that DLT_xxx will
have the same va
This is what PPI does.
http://www.cacetech.com/documents/PPI%20Header%20format%201.0.10.pdf
There is already a DLT for PPI (DLT_PPI). The only difference from your
solution is that the minimum header before the packet is 8 bytes (instead of
4). The advantage is that Wireshark already supports