tcpdump mailing list archives
Re: How to convert from proprietary format to some generic libpcap format?
From: Richard Sharpe <rsharpe () richardsharpe com>
Date: Tue, 24 Jun 2003 15:31:22 -0700 (PDT)
On Tue, 24 Jun 2003, Ben Greear wrote:
I have a capture format that has slightly more information than the standard libpcap format (I keep a flag to tell whether the packet is coming in the interface or going out, and have a different header as well.)
Hmmm, I thought that one of the DLT types related to the/a Linux capture format that keeps extra info ... Is your capture format different from that format?
I plan to write a small utility that converts my format to
the standard libpcap format...
I see the pcap header in /usr/include/pcap.h, but I am curious
what the 'normal' values are for things like:
bpf_u_int32 magic;
u_short version_major;
u_short version_minor;
Thanks,
Ben
-- Regards ----- Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- How to convert from proprietary format to some generic libpcap format? Ben Greear (Jun 24)
- Re: How to convert from proprietary format to some generic libpcap format? Richard Sharpe (Jun 24)
- Re: How to convert from proprietary format to some generic libpcap format? Ben Greear (Jun 24)
- Re: How to convert from proprietary format to some generic libpcap format? Richard Sharpe (Jun 24)