[tcpdump-workers] capturing the netlink socket on Linux

2014-10-23 Thread Michael Richardson
Please correct my understanding. The libpcap/pcap-netfilter-linux.c file is about capturing NFLOG packets from the netlink socket, i.e. ones that came from netfilter's --log target.

On the other hand, we have:

/*
 * Link-layer header type for the netlink protocol (nlmon devices).
 */
#define LIN

Re: [tcpdump-workers] capturing the netlink socket on Linux

2014-10-23 Thread Guy Harris
On Oct 23, 2014, at 11:29 AM, Michael Richardson wrote:

> On the other hand, we have:
> /*
>  * Link-layer header type for the netlink protocol (nlmon devices).
>  */
> #define LINKTYPE_NETLINK 253
>
> which suggests that I can capture all netlink messages (which is what I want
> to

Re: [tcpdump-workers] Handling Corrupted Packets Inside Pcap Files?

2014-10-23 Thread Hei Chan
Argh, never mind. I think the corrupted packet caused my application to have some invalid read/write, corrupting something pcap_next() is going to use and so I thought it crashed inside pcap_next(). Sorry for the false alarm.

On Thursday, October 23, 2014 2:14 AM, Guy Harris wrote:

On Oct 18