On Friday 20 August 2004 18:23, Rob van der Heij wrote:
Rv> I know better than argue with you... I recall the early version had
Rv> tweaked one of the formats since I could not use the same thing to
Rv> decode a tcpdump stream from my PC anymore.

Good point. If you run "tcpdump-qeth -r " on a file you captured on a PC, I suppose you will get garbage because the script will add an extra LLC header. The real tcpdump program should have been used in this case. Hopefully SuSE's package did not make "tcpdump" a link to "tcpdump-qeth"... :)

Last year I was using tcpdump-qeth to capture a trace (using the -w option) from a Linux guest on a VSWITCH, and I was able to view the result with standard ethereal on my laptop. So I know it works! ;)

(For the ultra-curious, on page 36 of the VSWITCH Redpaper you can see the result of such a capture. Notice the all-zeroes MAC addresses in the Ethernet header -- that 'empty' Ethernet-II header is what tcpdump-qeth adds to the packet flow to keep tcpdump and friends happy.)

Cheers,
Vic

PS: The same Redbook credits tcpdump-qeth to Holger Smolinski. See, I knew it was an IBMer! Sorry, Holger ;)
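
The all-zero MAC addresses mentioned above give an analyst a way to tell that a capture's Ethernet headers are synthetic rather than taken from the wire. The following is an added example, not part of the original message and not code from tcpdump-qeth: it scans a classic pcap file and counts frames whose source and destination MACs are both zero. The function names and the sample capture are constructed for illustration.

```python
import struct

LINKTYPE_ETHERNET = 1          # pcap link type for Ethernet-II framing
ZERO_MAC = bytes(6)

def scan_pcap(data):
    """Return (linktype, total_frames, frames_with_all_zero_macs)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"              # file written little-endian
    elif magic == 0xD4C3B2A1:
        end = ">"              # file written big-endian
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    total = zero = 0
    off = 24                   # first record follows the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            break              # truncated final record
        off += 16 + incl_len
        total += 1
        # Ethernet-II: bytes 0-5 destination MAC, bytes 6-11 source MAC
        if (linktype == LINKTYPE_ETHERNET and len(frame) >= 14
                and frame[0:6] == ZERO_MAC and frame[6:12] == ZERO_MAC):
            zero += 1
    return linktype, total, zero

def _record(frame):
    # Per-packet header: ts_sec, ts_usec, incl_len, orig_len
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def build_sample():
    """Constructed capture: two zero-MAC frames and one with real-looking MACs."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535,
                         LINKTYPE_ETHERNET)
    ip = bytes([0x45]) + bytes(19)          # constructed placeholder IPv4 header
    synthetic = ZERO_MAC + ZERO_MAC + b"\x08\x00" + ip
    real = (bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
            + b"\x08\x00" + ip)
    return header + _record(synthetic) + _record(synthetic) + _record(real)

if __name__ == "__main__":
    linktype, total, zero = scan_pcap(build_sample())
    print(f"linktype={linktype} frames={total} zero-MAC frames={zero}")
```

A capture in which every frame has zero MACs indicates that the link-layer addresses carry no evidentiary value, so host attribution has to rest on the IP layer and above.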
