On Feb 2, 2005, at 6:01 PM, Gregor Maier wrote:
We'd like to get two DLTs, namely DLT_ERF_ETH and DLT_ERF_POS. The DAG range of network monitoring cards prepend an additional ERF header (see http://www.endace.com/support/EndaceRecordFormat.pdf for further information) to the actual link layer data, so we would need these new DLTs for correct filtercode generation and for printing in tcpdump.
So would a packet in a file with those DLTs have both the standard libpcap "struct timeval" time stamp and the ERF time stamp, and have both the standard libpcap captured and real length values and the rlen/wlen values?
And should there be DLT_ values for TYPE_ATM, TYPE_AAL5, or any of the other types?
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
