tcpdump mailing list archives
Re: proposed new pcap format
From: Guy Harris <guy () alum mit edu>
Date: Wed, 24 Mar 2004 12:40:02 -0800
On Mar 24, 2004, at 7:08 AM, Michael Richardson wrote:
okay, but there is more than just in/out.
enum pcap1_probe {
INBOUND =1,
OUTBOUND =2,
FORWARD =3,
PREENCAP =4, /* IPsec ? */
POSTDECAP=5,
};
...and perhaps, on at least some systems, for inbound packets, supply "received unicast/received broadcast/received multicast/received promiscuously" indications (Digital UNIX has broadcast, multicast, and promiscuous bits - presumably if none are set it's received unicast or it's outbound), IRIX has a "received promiscuously" flag, and Linux supplies a unicast/broadcast/multicast/promiscuous/outgoing value. We might do that with "received unknown", "received unicast", "received broadcast", "received multicast", "received promiscuously", and "sent" flags (if none are set, the direction is unknown).
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- proposed new pcap format Michael Richardson (Mar 23)
- Re: proposed new pcap format Guy Harris (Mar 23)
- Re: proposed new pcap format Hannes Gredler (Mar 24)
- Re: proposed new pcap format Michael Richardson (Mar 24)
- Re: proposed new pcap format Guy Harris (Mar 24)
- Re: proposed new pcap format Darren Reed (Mar 24)
- Re: proposed new pcap format Guy Harris (Mar 24)
- Re: proposed new pcap format Hannes Gredler (Mar 24)
- Re: proposed new pcap format Hannes Gredler (Mar 24)
- Re: proposed new pcap format Guy Harris (Mar 23)
- Re: proposed new pcap format Michael Richardson (Mar 24)
- Re: proposed new pcap format Darren Reed (Mar 24)
- Re: proposed new pcap format Michael Richardson (Mar 25)
- Re: proposed new pcap format Michael Richardson (Mar 24)