[EMAIL PROTECTED] wrote:
Here is possible solution to resolve DCE/DTE origin of a LAPB packet.
Wireshark libpcap.h has the struct pcaprec_ss990915_hdr, which has
ifindex field ( the interface on which packet came in ). During
capturing phase FROM_DCE or FROM_DTE will be stored into ifindex field
of the struct pcaprec_ss990915_hdr. Knowing interface index I know
origin, DCE or DTE.
No, please, don't use the non-standard versions of libpcap format - and
especially don't override a completely different field. Just put an
extra byte at the beginning of the packet data.
If you *must* use one of the non-standard versions of the libpcap
header, at least
1) don't use one of the "hack" versions with that SMP debugging gunk in
it, use the pcaprec_modified_header version (called
pcap_sf_patched_pkthdr in libpcap);
2) use a field that's *intended* to convey the direction of the packet,
namely the pkt_type field - use 0 for DCE->DTE ("HOST") and 4 for
DTE->DCE ("OUTGOING").
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
