This is using the NETLINK_FIB_LOOKUP family (slightly extended data). Below is a run without -hex and one with -hex.
I don't expect this obscure netlink capabily is fully decoded.. but the headers are handy to locate the packets. In a previous version (that displayed these as Ethernet packets - so I had to pick the netlink header out of the Ethernet src/dst) I could see both the "decoded" header and the data as hex. With this version, it seems to be one or the other. Thanks again nlsniff-ng -dev nlmon0 Nlsniff-ng -dev nlmon0 --hex -----Original Message----- From: vkochan [mailto:[email protected]] Sent: Thursday, October 15, 2015 3:28 AM To: Geoff Ladwig Cc: [email protected] Subject: Re: [netsniff-ng] netlink On Wed, Oct 14, 2015 at 09:17:15PM -0400, Geoff Ladwig wrote: > Hi, > > I downloaded, built the latest git master. > > I can now decode netlink message (great!) but only get the header. > > I imagine this is because not all messages are fully decoded. Is it > possible to get both the decoded header and the hex version simultaneously? > > If I add -hex, it then doesn't print the header. > > Thanks, > Geoff > > -- > You received this message because you are subscribed to the Google Groups "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an email to <mailto:[email protected]> [email protected]. > For more options, visit <https://groups.google.com/d/optout> https://groups.google.com/d/optout. Hi Geoff, What kind of netlink messages do you try to dump ? Would you please provide some output of netsniff-ng ? Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
