On Tue, Jun 16, 2015 at 11:25:46AM +0200, Frank Brodbeck wrote: > Hi, > > is it possible to convert a pcap done with tcpdump under redhat to a > format I can read with tcpdump(8). At least I think the following error: > > tcpdump: unknown data link type 0x71 > > is due to a format incompatibility. > > Frank. > > --
OpenBSD's tcpdump(8) does not support "DLT_LINUX_SLL" or Linux "cooked" capture encapsulation format. The tcpdump.org documentation about it is here: http://www.tcpdump.org/linktypes.html http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html If possible, try using -y EN10MB on Linux instead. There is also support for this format in Wireshark, which is in the ports tree, if recapturing isn't possible. https://wiki.wireshark.org/SLL -Bryan.
