Hi Everybody, First of all, I am not sure if this is the right place to ask this question.
How can I determine the protocol running on data link layer (i.e., Ethernet, Wi-Fi 802.11, etc) while analyzing packets in a "merged" dumped file with pcap format if the pcap file contains a mixture of packets with various data link layer protocols ? libpcap has pcap_datalink(...) function allowing us to determine the data link layer protocol for live capture -- it gets this information directly from the actual network interface that is sniffed on. However, in the case of offline analysis, it seems pcap_datalink() will not work since it is not possible to know what kind of interface those packets came from. Any idea ? Thanks.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
