Wireshark mailing list archives
Is there any reason for "rawshark -s" not to actually *read* the pcap header and use the byte order and link-layer header type?
From: Guy Harris <guy () alum mit edu>
Date: Sun, 30 Dec 2012 12:54:19 -0800
If rawshark is reading a stream of packets, with no file header, you obviously need to specify the encapsulation of the packets and have the byte-order of the packet headers in the stream match the byte order of the machine processing them (or add an option to explicitly specify the byte order or specify that it's the opposite of the byte order of the machine on which it's running. However, there's a -s flag to allow it to read a stream that represents a pcap file, complete with a pcap header; currently, -s just skips the header, but it would probably be better to have it process the header, get the encapsulation and use that by default, and get the byte order and use that. Is there any reason *not* to do that? ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Is there any reason for "rawshark -s" not to actually *read* the pcap header and use the byte order and link-layer header type? Guy Harris (Dec 30)