tcpdump mailing list archives
Re: -y and -r flag
From: "Gisle Vanem" <giva () bgnett no>
Date: Tue, 29 Jul 2003 18:57:52 +0200
However, that's a lot of work (and not always implementable, e.g. trying to transform a Cisco Discovery Protocol packet on Ethernet into a CDP-over-BSD-loopback, so you can't always do the reverse of the example you gave, i.e. translating DLT_EN10MB to DLT_NULL), so I'd vote for not doing it. (If somebody really wants that feature, they're welcome to implement it.)
All this got me started because I found a pcap trace (psc_fddi.cap) that is supposed to have FDDI linklayer. But the fileheader.linktype is 1 (en10mb) and all MAC fields are 00. The file is from 1997 (by Pittsburgh Supercomputing Centre; www.psc.edu). So I assume the DLT_* values have changed since it was created or savefile didn't support FDDI back then. Hence I tried to interpret it by using '-yfddi'.

--gv

This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
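An added example, not part of the original post and not tcpdump or libpcap code: a minimal C check that reads the linktype field from a classic pcap file header (magic 0xa1b2c3d4 only) and counts frames whose first 12 bytes are all zero, the symptom described in the message above. The names `check_pcap` and `linktype_suspect`, the heuristic itself and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DLT_EN10MB 1u   /* linktype value as defined by libpcap */

struct pcap_check { int ok; uint32_t linktype; unsigned packets, zero_mac; };

/* Read a 32-bit field in the byte order of the host that wrote the file. */
static uint32_t rd32(const uint8_t *p, int be) {
    return be ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
              : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

/* Parse the 24-byte file header, then walk the 16-byte record headers. */
struct pcap_check check_pcap(const uint8_t *buf, size_t len) {
    static const uint8_t zeros[12] = {0};
    struct pcap_check r = {0, 0, 0, 0};
    int be;
    size_t off = 24;
    if (len < 24) return r;
    if (rd32(buf, 1) == 0xa1b2c3d4u) be = 1;
    else if (rd32(buf, 0) == 0xa1b2c3d4u) be = 0;
    else return r;                       /* not a classic pcap savefile */
    r.ok = 1;
    r.linktype = rd32(buf + 20, be);     /* last field of the file header */
    while (len - off >= 16) {
        uint32_t caplen = rd32(buf + off + 8, be);
        off += 16;
        if (caplen > len - off) break;   /* truncated or corrupt record */
        r.packets++;
        /* With DLT_EN10MB the first 12 bytes are destination + source MAC. */
        if (caplen >= 12 && memcmp(buf + off, zeros, 12) == 0) r.zero_mac++;
        off += caplen;
    }
    return r;
}

/* Heuristic (assumption): Ethernet linktype, yet every frame has all-zero MACs. */
int linktype_suspect(struct pcap_check r) {
    return r.ok && r.linktype == DLT_EN10MB && r.packets > 0 && r.zero_mac == r.packets;
}

/* Constructed sample: little-endian header, linktype 1, one 14-byte all-zero frame. */
static const uint8_t sample[] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0,
    0,0,0,0, 0,0,0,0, 14,0,0,0, 14,0,0,0,
    0,0,0,0,0,0, 0,0,0,0,0,0, 0,0 };
int main(void) {
    struct pcap_check r = check_pcap(sample, sizeof sample);
    printf("linktype=%u packets=%u zero_mac=%u suspect=%d\n", (unsigned)r.linktype, r.packets, r.zero_mac, linktype_suspect(r));
    return 0;
}
```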