tcpdump mailing list archives
Re: New DLT_ value request
From: Guy Harris <guy () alum mit edu>
Date: Wed, 19 Dec 2007 17:23:43 -0800
On Dec 18, 2007, at 2:46 AM, Will Barker wrote:
OK - can we go for: "zero means received, non-zero means sent"
...and 4 bytes long, as per the earlier discussion, or just 1 byte (or 2 bytes)?
Hopefully by "version-specific" you don't mean "specific to the versions of libpcap and Wireshark", but instead mean that one field in the headerwould be a version number, so that you won't, for example, have the information change in such a way that one version of Wireshark can't read the files from a mismatched version of libpcap.I was not thinking of producing anything that wasn't backward compatible -but I agree - there should be no version field - we won't need it.
So what's the format of the packet data in your proprietary encapsulation type?
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- New DLT_ value request Will Barker (Nov 28)
- Re: New DLT_ value request Guy Harris (Nov 28)
- Re: New DLT_ value request Will Barker (Nov 29)
- Re: New DLT_ value request Guy Harris (Nov 29)
- Re: New DLT_ value request Will Barker (Nov 30)
- Re: New DLT_ value request Guy Harris (Dec 12)
- Re: New DLT_ value request Will Barker (Dec 18)
- Re: New DLT_ value request Guy Harris (Dec 19)
- Re: New DLT_ value request Will Barker (Dec 20)
- Re: New DLT_ value request Guy Harris (Dec 21)
- Re: New DLT_ value request Fulko Hew (Dec 21)
- Re: New DLT_ value request Will Barker (Nov 29)
- Re: New DLT_ value request Guy Harris (Nov 28)
- Re: New DLT_ value request Will Barker (Dec 12)