In some email I received from Volf, Frank, sie wrote:
[There is text before PGP section.]
[Charset iso-8859-1 unsupported, filtering to ASCII...]
>
> I once did a different approach, I made a patch to ipmon to write IP packets
> to a file format that can be read by tcpdump. I even made to tcpdump so it
> could read and print these files).
>
> It works as that tcpdump can indeed read the file and decode the packets. I
> got stuck however trying to find out how the pcap compiler should be changed
> so you can apply tcpdump packet filter expressions on such a file, so you
> can currently only dump the entire file.
You need to make it use DLT_NULL or something like that (0 length link layer
header) when constructing the BPF.
Darren
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
