tcpdump mailing list archives

Re: new worker..


From: Guy Harris <guy () alum mit edu>
Date: Mon, 6 Oct 2008 00:34:06 -0700


On Oct 3, 2008, at 12:43 PM, Rodrigo Roldan wrote:

I am trying to put a "label" into tcpdump code to identify different
interfaces when I run "tcpdump -i any"..

Libpcap does not, when capturing on the "any" device, supply any indication of the interface on which a packet arrived.

(Note also that any indication it supplies would only be valid on the machine on which you did the capture, so, even if libpcap did supply that information and it were stored in the capture file, if you did "tcpdump -i any -w capturefile" and sent the capture file to somebody else, they wouldn't be able to get the name of the interface, they'd only be able to determine whether two packets arrived on the same interface or on different interfaces.

Pcap-NG format:

        http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html

would allow sufficient information to be stored in a capture file to determine the names of the interfaces on which packets arrived, even if the capture was done on a machine to which you have no access. It's not currently supported by libpcap, and thus not currently supported by tcpdump, however.)
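
Added example, not part of the original message and not libpcap or tcpdump code: a minimal reader showing how a pcap-NG file lets each packet be mapped back to an interface name, using the if_name option of Interface Description Blocks and the interface ID in each Enhanced Packet Block. The block types and option code (IDB 1, EPB 6, if_name 2) are those of the current pcapng specification rather than taken from the linked draft; the sample capture and the names eth0/wlan0 are constructed, and only little-endian sections are handled.

```python
import struct

SHB, IDB, EPB, IF_NAME = 0x0A0D0D0A, 1, 6, 2  # block types; if_name option code

def _block(btype, body):  # type, total length, padded body, total length
    body += b"\x00" * (-len(body) % 4)
    return struct.pack("<II", btype, len(body) + 12) + body + struct.pack("<I", len(body) + 12)

def _opt(code, value):  # option: code, length, value padded to 32 bits
    return struct.pack("<HH", code, len(value)) + value + b"\x00" * (-len(value) % 4)

def build_sample():
    """Constructed little-endian capture: two interfaces, three packets."""
    shb = _block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    idbs = [_block(IDB, struct.pack("<HHI", 1, 0, 65535) + _opt(IF_NAME, n) + _opt(0, b""))
            for n in (b"eth0", b"wlan0")]
    epbs = [_block(EPB, struct.pack("<IIIII", i, 0, 0, len(p), len(p)) + p)
            for i, p in ((0, b"\xaa" * 6), (1, b"\xbb" * 5), (0, b"\xcc" * 4))]
    return shb + b"".join(idbs + epbs)

def _if_name(opts):
    """Walk an IDB option list and return if_name, or None if absent."""
    off = 0
    while off + 4 <= len(opts):
        code, length = struct.unpack_from("<HH", opts, off)
        if code == 0:  # opt_endofopt
            break
        if code == IF_NAME:
            return opts[off + 4: off + 4 + length].decode("utf-8", "replace")
        off += 4 + length + (-length % 4)
    return None

def packet_interfaces(data):
    """Return the interface name recorded for each packet, in file order."""
    names, result, off = [], [], 0
    while off + 12 <= len(data):
        btype, total = struct.unpack_from("<II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError(f"bad block length at offset {off}")
        body = data[off + 8: off + total - 4]
        if btype == SHB:
            names = []  # interface IDs restart in each section
        elif btype == IDB:
            names.append(_if_name(body[8:]))  # skip linktype, reserved, snaplen
        elif btype == EPB:
            if_id = struct.unpack_from("<I", body)[0]
            result.append(names[if_id] if if_id < len(names) else None)
        off += total
    return result
```

Because the names travel in the file itself, `packet_interfaces(build_sample())` gives the same answer on any machine, which is the property the message says a plain pcap file from the "any" device cannot offer.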