--- Begin Message ---
The "-y" flag to tcpdump allows you to specify capturing with
DLT_LINUX_SLL2.

//tmp @fenner-t493.sjc% tcpdump -i any -y linux_sll2 udp port 53
tcpdump: data link type linux_sll2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
04:34:16.440349 ifindex 2 (e-a4c-281e9814) Out 8e:18:55:e1:02:4b (oui Unknown) ethertype IPv4 (0x0800), length 81: me.45555 > dnsserver.domain: 53929+ A? www.tcpdump.org. (33)

Bill

On Wed, Mar 11, 2020 at 2:49 PM Petr Vorel via tcpdump-workers <tcpdump-workers@lists.tcpdump.org> wrote:
>
>
>
> ---------- Forwarded message ----------
> From: Petr Vorel <petr.vo...@gmail.com>
> To: Guy Harris <g...@alum.mit.edu>
> Cc: tcpdump-workers@lists.tcpdump.org, Denis Ovsienko <de...@ovsienko.info>
> Bcc:
> Date: Wed, 11 Mar 2020 19:49:18 +0100
> Subject: Compile libpcap with DLT_LINUX_SLL2
> Hi Guy,
>
> Some time ago we did DLT_LINUX_SLL2 support for libpcap together.
> I don't remember the details, but IMHO it was enabled by default.
> When I now compile libpcap and tcpdump, it's still using DLT_LINUX_SLL:
>
> tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), ...
>
> What am I doing wrong?
>
> Kind regards,
> Petr
>
>
>
> ---------- Forwarded message ----------
> From: Petr Vorel via tcpdump-workers <tcpdump-workers@lists.tcpdump.org>
> To: Guy Harris <g...@alum.mit.edu>
> Cc: tcpdump-workers@lists.tcpdump.org
> Bcc:
> Date: Wed, 11 Mar 2020 14:48:19 -0400 (EDT)
> Subject: [tcpdump-workers] Compile libpcap with DLT_LINUX_SLL2
> _______________________________________________
> tcpdump-workers mailing list
> tcpdump-workers@lists.tcpdump.org
> https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
>
--- End Message ---
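
Added example, not part of the original thread and not libpcap or tcpdump code: a bounds-checked parser for the 20-byte LINUX_SLL2 header, showing where the "ifindex 2", "Out", MAC address and "ethertype IPv4 (0x0800)" fields in the capture line above come from. The struct, function names and the sample bytes are constructed for illustration; the sample is built to match the values tcpdump printed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLL2_HDR_LEN  20  /* fixed size of the LINUX_SLL2 pseudo-header */
#define SLL2_ADDR_MAX 8   /* address field is always 8 bytes, zero padded */

struct sll2_hdr {            /* hypothetical struct for this example */
    uint16_t protocol;       /* EtherType, e.g. 0x0800 for IPv4 */
    uint32_t ifindex;        /* interface index (absent in SLL v1) */
    uint16_t hatype;         /* ARPHRD_ value, 1 = Ethernet */
    uint8_t  pkttype;        /* 0 to us, 1 bcast, 2 mcast, 3 other host, 4 sent by us */
    uint8_t  halen;          /* link-layer address length as reported */
    uint8_t  addr[SLL2_ADDR_MAX];
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Returns 0 on success, -1 if the captured bytes are too short for the header. */
int sll2_parse(const uint8_t *buf, size_t len, struct sll2_hdr *out)
{
    if (buf == NULL || out == NULL || len < SLL2_HDR_LEN)
        return -1;
    out->protocol = be16(buf);        /* bytes 2-3 are reserved */
    out->ifindex  = be32(buf + 4);
    out->hatype   = be16(buf + 8);
    out->pkttype  = buf[10];
    out->halen    = buf[11];
    memcpy(out->addr, buf + 12, SLL2_ADDR_MAX);  /* never trust halen as a copy length */
    return 0;
}

/* Labels chosen for this example; "Out" matches the capture line above. */
const char *sll2_direction(uint8_t pkttype)
{
    static const char *names[] = { "In", "Broadcast", "Multicast", "OtherHost", "Out" };
    return pkttype < 5 ? names[pkttype] : "Unknown";
}

/* Constructed sample header: IPv4, ifindex 2, Ethernet, outgoing, 6-byte MAC. */
const uint8_t sll2_sample[SLL2_HDR_LEN] = {
    0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x04, 0x06,
    0x8e, 0x18, 0x55, 0xe1, 0x02, 0x4b, 0x00, 0x00 };

int main(void)
{
    struct sll2_hdr h;
    if (sll2_parse(sll2_sample, sizeof sll2_sample, &h) != 0) return 1;
    printf("ifindex %u %s ethertype 0x%04x\n", (unsigned)h.ifindex,
           sll2_direction(h.pkttype), (unsigned)h.protocol);
    return 0;
}
```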