Re: Problem with generation of Pcap traces for

[Johan Mazel <johan.mazel () gmail com>]

> So you'd need to call pcap_create() on each of the interfaces whose traffic
> you want to aggregate *AND* call pcap_activate() on all of them.


That is exactly what I'm doing. :)

In addition, you should make sure the interfaces all have the same
> link-layer type, as pcap files don't support multiple link-layer types in a
> single file.


Does this restriction means that I can't aggregate trace of different
version of Ethernet (eg.: 802.3 and 802.11) ?

Ok, I now understand the point of using a pcap_t in this case.
> What do you mean by "capture the full packet and only log a part of it"?

I mean that with my different pcap_t, I will be able to set a certain
snapshot length for all the pcap_t related to the capture and a different
snapshot length for the trace file generation.
If for example, I just want to process the full packets but just log the
headers of the packets.

Thanks for all your time and answers.

Johan
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.