--- Begin Message ---
Guy Harris via tcpdump-workers wrote:
> I've been thinking about a world in which we have more pcapng-style
> APIs. With a capture API that can deliver, for each packet, something
> similar to a pcapng Enhanced Packet Block, with an interface number from
--- Begin Message ---
On Jan 21, 2021, at 8:41 AM, Bill Fenner via tcpdump-workers
wrote:
> It would be perfectly reasonable (and fairly straightforward) to update
> libpcap to be able to filter on the Ethernet address in DLT_LINUX_SLL or
> DLT_LINUX_SLL2 mode.
Link-layer address, to be more
--- Begin Message ---
Bill Fenner via tcpdump-workers wrote:
> It would be perfectly reasonable (and fairly straightforward) to update
> libpcap to be able to filter on the Ethernet address in DLT_LINUX_SLL
> or DLT_LINUX_SLL2 mode. There are already filters that match other
>
--- Begin Message ---
It would be perfectly reasonable (and fairly straightforward) to update
libpcap to be able to filter on the Ethernet address in DLT_LINUX_SLL or
DLT_LINUX_SLL2 mode. There are already filters that match other offsets in
the SLL or SLL2 header. However, I don't think it
--- Begin Message ---
For posterity, I did:
ncat -l 12345 | tshark -r - -w - sll > w
where w is a named pipe.
Instead of: ncat -l 12345 | tcpdump -r - -w - [pcap_filter] > w
Your answer leads me to this solution, I needed an upper-level tool.
Regards,
On 19/01/2021 at 15:45, Michael Richardson
--- Begin Message ---
And is there any way to filter by link-type? In fact, I need only those
LINUX_SLL.
Regards,
On 29/12/2020 at 22:39, Michael Richardson wrote:
Edouard Gaulué via tcpdump-workers wrote:
> I get a pcap flow from my router box (Peplink). The only thing I can
> change
--- Begin Message ---
Hi all,
I get a pcap flow from my router box (Peplink). The only thing I can
change is the dev "interface" from a web page. If one is chosen, I've
got an EN10MB type and I can filter my incoming flow with "tcpdump -r -
-w - ether host 01:23:45:67:89:01". If I choose