Re: saving data in pcap file format

[Guy Harris <guy () alum mit edu>]

On Oct 11, 2010, at 9:47 AM, Guy Harris wrote:

> That does, of course, require that the "raw packet data" be in the right format for DLT_USB_LINUX or 
> DLT_USB_LINUX_MMAPPED.  I'll discuss that issue in another message.

That format is the format you get from the Linux usbmon module's binary mode.

For DLT_USB_LINUX, in libpcap 1.0.0 and later, there's a <pcap/usb.h> header, which defines a "pcap_usb_header" 
structure.  The "raw packet data" begins with a pcap_usb_header structure, with all multi-byte integral quantities in 
*host* byte order, followed by the data transferred, if any.

For DLT_USB_LINUX_MMAPPED, in libpcap 1.1.0 and later, that header also defines a "pcap_usb_header_mmapped" header 
structure.  The "raw packet data" begins with a pcap_usb_header_mmapped, again with all multi-byte integral quantities 
in *host* byte order, followed by the data transferred, if any.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe