Guy Harris wrote:
On Tue, Jun 24, 2003 at 05:14:56PM +0530, Navin Anand wrote:
The modified files are:
There is no guarantee that a DLT_ value of 20 isn't being used
libpcap.c
407,413d406
<
< /*
< * 20 Added for the fake link type, required to dissect packets
< * containing higher layer protocol payload without the lower layer
< * protocol headers, e.g. pure TCP data without underlying IP.
< */
< { 20, WTAP_ENCAP_FAKE_LINK },
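Review bot: the `407,413d406` header and the `<` markers make this hunk read as a deletion of the `{ 20, WTAP_ENCAP_FAKE_LINK },` entry, although its own comment says the entry was "Added", so the diff appears to have been taken with the modified file as the first argument; regenerate it old-then-new (preferably unified, `diff -u`) so it applies in the intended direction. The comment should also say where the value 20 comes from, since nothing in the hunk ties the bare literal to a named DLT_ constant.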
somewhere; it's best to request a DLT_ value from tcpdump.org - or to
define your own capture file format for your application, with its own
magic number, rather than using libpcap format.
Having just used libwiretap to dump packets to a PCAP file, I must admit that I like using that format (just for ease of use).
.... I have been using this to convert binary payload to a .pcap file:
od -Ax -tx1 stream | text2pcap -m1460 -T1234,5678 - stream.pcap
Together with a dissector that lets Ethereal desegment the TCP stream, I have had good results dissecting my data stream. Desegmentation is managed by giving a hint where the next dissector call should start when an exception occurs.
--
Matthijs Melchior, Maarssen, Netherlands
[EMAIL PROTECTED]
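
An added example, not part of the original thread and not text2pcap's code: a Python sketch of the approach both replies point to, keeping the registered Ethernet link type in the libpcap header and wrapping a raw payload in dummy Ethernet/IPv4/TCP headers instead of claiming an unassigned DLT_ value. The addresses, function names and sample stream are constructed, and the output only approximates what text2pcap produces.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # libpcap file magic (microsecond timestamps)
DLT_EN10MB = 1            # registered link type: Ethernet

def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement checksum over an even-length header."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def wrap_segment(payload: bytes, seq: int, sport: int, dport: int) -> bytes:
    """Prepend dummy Ethernet/IPv4/TCP headers (all addresses are constructed)."""
    eth = bytes.fromhex("0a0202020202" "0a0101010101" "0800")  # dst, src, IPv4
    # TCP: data offset 5 words, PSH|ACK, window 8192, checksum left 0 (not computed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([10, 1, 1, 1]), bytes([10, 2, 2, 2]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return eth + ip + tcp + payload

def stream_to_pcap(stream: bytes, sport=1234, dport=5678, mss=1460) -> bytes:
    """Split the stream into segments and emit a little-endian libpcap file."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, DLT_EN10MB)
    for i, off in enumerate(range(0, len(stream), mss)):
        # seq follows the byte offset so a dissector can reassemble in order
        frame = wrap_segment(stream[off:off + mss], off, sport, dport)
        # Record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def read_linktype(pcap: bytes) -> int:
    """Return the link-type field that a reader uses to pick the first dissector."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", pcap[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file")
    return linktype

if __name__ == "__main__":
    data = bytes(range(256)) * 12      # constructed 3072-byte sample stream
    pcap = stream_to_pcap(data)
    print(read_linktype(pcap), len(pcap))
```
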