Ok.
Thanks a lot, both of you, for all the informations provided.
Johan
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
On May 16, 2009, at 10:32 AM, Johan Mazel wrote:
I suppose that the values for linktype are the ones I'm talking in
my first
mail : 01 for Ethernet, 06 for Token Ring, 07 for ARCnet, etc... ???
Libpcap has two sets of link-layer type values - the DLT_ values,
which are what are returned b
On Sat, May 16, 2009 at 10:12 AM, Guy Harris wrote:
>
> On May 16, 2009, at 3:18 AM, Johan Mazel wrote:
>
>> Does this restriction means that I can't aggregate trace of different
>> version of Ethernet (eg.: 802.3 and 802.11) ?
>
> (802.11 isn't a version of Ethernet.)
>
> If your 802.11 device su
Hello
(802.11 isn't a version of Ethernet.)
>
> If your 802.11 device supplies "fake Ethernet" headers, you can aggregate
> its packets with Ethernet packets; if it supplies 802.11 headers, with or
> without radio headers, you can't.
>
Ok, I'll verify this point.
> I mean that with my different
On May 16, 2009, at 3:18 AM, Johan Mazel wrote:
Does this restriction means that I can't aggregate trace of different
version of Ethernet (eg.: 802.3 and 802.11) ?
(802.11 isn't a version of Ethernet.)
If your 802.11 device supplies "fake Ethernet" headers, you can
aggregate its packets wi
>
> So you'd need to call pcap_create() on each of the interfaces whose traffic
> you want to aggregate *AND* call pcap_activate() on all of them.
That is exactly what I'm doing. :)
In addition, you should make sure the interfaces all have the same
> link-layer type, as pcap files don't support
On May 13, 2009, at 3:46 PM, Johan Mazel wrote:
My reason of doing this is that I want to be able to aggregate
different
source of packets (eg.: I have eth0, eth1 eth2 and eth3 and I want to
capture on eth0 and eth1 only and build a trace from these
interfaces only).
My goal is to aggregate
Hi
First of all, thanks for the answer.
> Umm, why are you calling pcap_create twice()? pcap_dump_open() creates the
> dump file for you; it does require a pcap_t as an argument, but that doesn't
> mean "just randomly open a pcap_t", it means "the packets you're writing are
> presumably coming f
On May 13, 2009, at 11:38 AM, Johan Mazel wrote:
My program work like this:
-I initialize my process of capture on my network interface (eth0)
through
these 2 functions : pcap_create, pcap_activate (I also use some
function
like pcap_set_timeout, pcap_set_direction but this is not really
Hi
I'm trying to use libpcap to generate some packets traces.
I want these traces to be fully usable in Wireshark.
Unfortunately my traces are not fully usable by Wireshark, i.e.: Wireshark
cannot recognize each protocol inside.
I tried to find a reason for this phenomenon and I think I found it.
10 matches
Mail list logo
