>Right, I've been meaning to work on systems without <pcap-int.h>. >Of course, without that it's kind of hard to figure out what the >actual packet format is. Since tcpslice mucks with the on-disk >format, it really needs to know what the on-disk format is.
Since I'm using libpcap 0.6 for my captures it seems reasonable that the same version might be required to read the files, so I put together an RPM for libpcap 0.6 using libpcap 0.4 as the original sources. It appears that the libpcap-0.6.2 Makefile does not install the <pcap-int.h> file. Is that intentional? Using libpcap-0.6.2 with <pcap-int.h> seems to have solved the tcpslice issues. (In fact, in an interesting ironic twist I now have to use the original files rather than the ones I ran through tcpdump 3.4) Strange that tcpdump and other utils (tcptrace, ethereal) built with libpcap 0.4 can cope with files made with libpcap 0.6, but tcpslice cannot. Thanks for the help. Let me know if you want the source RPM and/or spec files I built. -- Steve Bonds _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
