Hi Guy, > What happens if you capture traffic on machine A and print it on machine B, > where machines A and B have different sets of network interfaces?
> (This is why pcapng has Interface Description Blocks - so that the list of > interfaces is part of the file, so you use *that*, rather than the > configuration of interfaces on the machine running the program reading the > capture, to get interface names.) Thanks for a pointer to pcapng. > Perhaps this should be done *only* for live captures, *not* for reading > savefiles. Good point, make sense. I've created pull request implementing this, via new member in struct netdissect_options (maybe there are better ways to do that). https://github.com/the-tcpdump-group/tcpdump/pull/689 I'd be for adding getopt long option to allow showing this info even for reading captured file (on users responsibility to decide whether data are valid). If you do dump on the same host you want to see interface name (and IMHO it's the point of DLT_LINUX_SLL2). Or (as it's too specific to some case) print interfaces always and just print a warning about interfaces might be wrong when reading on different host in case of reading pcap file. Does it sounds better for you? Should I change pull request in one of these two options? Kind regards, Petr _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
