Hi,
I'm new to the group. Currently I'm trying to write some code to log the
ppp frames into pcap formatted log files. My question is that from what I
understand so far. The main data structures I may have to use are.
1) struct pcap. Whereas linktype, tzoff and snapshot are used when trying
to open a dump file.
2) struct pcap_pkthdr, whereas ts, caplen and len are logged as the header
ahead of the logged packet.
My question is. What kind of value shall I use for the snapshot in struct
pcap? Also how about caplen and len in pcap_pkthdr? My understanding is
that caplen is the actually data length encapsulate by this header where
the len is the data length of the real packet. Is that correct?
Thank you for your help.
Haobin
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
