On Tue, May 05, 2015 at 01:13:04PM +0200, Daniel Borkmann wrote:
On 05/05/2015 12:59 PM, Vadim Kochan wrote:
Wireshark does not understand netsniff-ng's pcap file with Netlink
frames, I assume thats because W-shark expects that each Netlink frame
should have additional header on-top described here:
http://www.tcpdump.org/linktypes/LINKTYPE_NETLINK.html
it shows this is a Netlink type link but can't dissect Netlink frames.
Meanwhile I do not have a fix for this yet. Don't know if it is important
for this release.
Well, tcpdump has that type (nlmon) registered so far, that's more
important. ;)
Cheers,
Daniel
At least it is possible to identify Netlink family from pcap file by
netsniff-ng if to save pcap file in netsniff-ng's pcap format type
(magic: 0xa1e2cb12) which stores protocol number ...
--
You received this message because you are subscribed to the Google Groups
netsniff-ng group.
To unsubscribe from this group and stop receiving emails from it, send an email
to netsniff-ng+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
