Re: What must be the linktype set to in Pcap if the the packets are to be captured from the unix socket

[Guy Harris <guy () alum mit edu>]

On Apr 24, 2006, at 10:44 PM, santosh.soule () wipro com wrote:

> So I want to add support for unix socket to Pcap library. As pcap uses
> DLT_xxx for identifying the type of interface and Linux uses the ARP
> hardware type.
> In case of unix socket what value should be given, is there any value
> already defined.

No, there isn't.

Given that this will be some special protocol of your own running on  
the UNIX-domain sockets, I would suggest that you use one of the user- 
defined DLT_ values (DLT_USER0 through DLT_USER15), and make your own  
private modifications to tcpdump, or whatever program you're using to  
read those files, to handle that DLT_ value.  Those DLT_ values are  
reserved for private use; they will never be used for any official  
purpose in libpcap or tcpdump.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.