tcpdump mailing list archives

Re: -y and -r flag


From: Guy Harris <guy () alum mit edu>
Date: Mon, 28 Jul 2003 16:56:14 -0700


On Saturday, July 26, 2003, at 7:51 AM, Gisle Vanem wrote:

> What good can these two flags make together?
> I.e. reading a capture with DLT_NULL frames trying to interpret them
> as DLT_EN10MB doesn't work. Should it?

The only interpretation I'd have for that combination would be, by analogy to the way it's implemented in 802.11 drivers, to have code that transforms link-layer headers of one type to link-layer headers of another, i.e. what I assume you mean by

> AFAICS a legitimate use would be to read one datalink type and
> try to write out a capture with another DLT.

However, that's a lot of work (and not always implementable, e.g. trying to transform a Cisco Discovery Protocol packet on Ethernet into a CDP-over-BSD-loopback, so you can't always do the reverse of the example you gave, i.e. translating DLT_EN10MB to DLT_NULL), so I'd vote for not doing it. (If somebody really wants that feature, they're welcome to implement it.)

> Maybe tcpdump should flag it as an error using -y
> and -r flags together ??

Sounds good to me.

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
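
Added example, not part of the original message and not tcpdump or libpcap code: a savefile records its link-layer type in the 24-byte pcap file header, so a reader can refuse a requested type that disagrees with it rather than decode DLT_NULL frames as Ethernet. This is a narrower variant of the "flag it as an error" idea in the thread; `savefile_linktype`, `check_dlt_request`, `NO_OVERRIDE` and the sample header are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DLT_NULL    0      /* BSD loopback: 4-byte address-family header */
#define DLT_EN10MB  1      /* Ethernet: 14-byte header */
#define NO_OVERRIDE (-1L)  /* hypothetical: no link type was requested */

/* Constructed sample: little-endian pcap file header, link type DLT_NULL. */
static const uint8_t sample_hdr[24] = {
    0xd4, 0xc3, 0xb2, 0xa1,  /* magic 0xa1b2c3d4 */
    0x02, 0x00, 0x04, 0x00,  /* version 2.4 */
    0x00, 0x00, 0x00, 0x00,  /* thiszone */
    0x00, 0x00, 0x00, 0x00,  /* sigfigs */
    0xff, 0xff, 0x00, 0x00,  /* snaplen 65535 */
    0x00, 0x00, 0x00, 0x00   /* link type 0 */
};

static uint32_t rd32(const uint8_t *p, int little)
{
    return little
        ? (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24
        : (uint32_t)p[3] | (uint32_t)p[2] << 8 | (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}

/* Link type stored in a pcap file header, or -1 if truncated or not pcap. */
long savefile_linktype(const uint8_t *h, size_t len)
{
    if (h == NULL || len < 24)
        return -1;
    if (rd32(h, 1) == 0xa1b2c3d4u)      /* file written little-endian */
        return (long)rd32(h + 20, 1);
    if (rd32(h, 0) == 0xa1b2c3d4u)      /* file written big-endian */
        return (long)rd32(h + 20, 0);
    return -1;
}

/* 0 if the request is absent or matches the file, -1 otherwise. */
int check_dlt_request(const uint8_t *h, size_t len, long requested)
{
    long file_dlt = savefile_linktype(h, len);
    if (file_dlt < 0)
        return -1;
    return (requested == NO_OVERRIDE || requested == file_dlt) ? 0 : -1;
}

int main(void)
{
    printf("file link type: %ld\n", savefile_linktype(sample_hdr, sizeof sample_hdr));
    printf("request DLT_EN10MB: %d\n", check_dlt_request(sample_hdr, sizeof sample_hdr, DLT_EN10MB));
    return 0;
}
```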

