tcpdump mailing list archives
pcap and loopback headers
From: "Adam M." <pcap () irotas net>
Date: Fri, 14 Jul 2006 10:58:04 -0400
This is probably a FAQ++, but I'm having trouble using Pcap for savefiles that were captured from a loopback device. There are 2 problems here: 1) In general, how is one supposed to determine what the layer-2 protocol is? I've traditionally always assumed Ethernet, because I don't know how to determine it automatically. 2) It seems that the loopback header format is different for Linux and BSD/Mac. Linux seems to 'fake' the header with an Ethernet-style format with zero'd out source/destination addresses, and only fill in the layer-3 protocol number. BSD/Mac use a single 4-byte field to indicate the layer-3 protocol number. How does one handle this when parsing packets read from Pcap? Thanks, Adam - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- pcap and loopback headers Adam M. (Jul 26)
- Re: pcap and loopback headers Guy Harris (Jul 27)