Is there any reason for "rawshark -s" not to actually *read* the pcap header and use the byte order and link-layer header type?

[Guy Harris <guy () alum mit edu>]

If rawshark is reading a stream of packets, with no file header, you obviously need to specify the encapsulation of the 
packets and have the byte-order of the packet headers in the stream match the byte order of the machine processing them 
(or add an option to explicitly specify the byte order or specify that it's the opposite of the byte order of the 
machine on which it's running.

However, there's a -s flag to allow it to read a stream that represents a pcap file, complete with a pcap header; 
currently, -s just skips the header, but it would probably be better to have it process the header, get the 
encapsulation and use that by default, and get the byte order and use that.

Is there any reason *not* to do that?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe