On Tue, May 05, 2015 at 01:13:04PM +0200, Daniel Borkmann wrote:
> On 05/05/2015 12:59 PM, Vadim Kochan wrote:
> >Wireshark does not understand netsniff-ng's pcap file with Netlink
> >frames, I assume that's because W-shark expects that each Netlink frame
> >should have additional header on-top described here:
> >
> > http://www.tcpdump.org/linktypes/LINKTYPE_NETLINK.html
> >
> >it shows this is a Netlink type link but can't dissect Netlink frames.
> >
> >Meanwhile I do not have a fix for this yet. Don't know if it is important
> >for this release.
>
> Well, tcpdump has that type (nlmon) registered so far, that's more
> important. ;)
>
> Cheers,
> Daniel
>

At least it is possible to identify the Netlink family from a pcap file with netsniff-ng if the pcap file is saved in netsniff-ng's pcap format type (magic: 0xa1e2cb12), which stores the protocol number ...
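
An added example, not part of the thread and not netsniff-ng or Wireshark code: a small checker that reads a capture and reports, per record, whether a Netlink frame carries the 16-byte cooked header described on the LINKTYPE_NETLINK page linked above or starts directly with a Netlink message header. The function names and the sample capture are constructed for illustration; bare messages are assumed to come from a little-endian host, and records of the netsniff-ng format (magic 0xa1e2cb12) are only recognised, not parsed, because the thread does not give their layout.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap
NSNG_MAGIC = 0xA1E2CB12      # netsniff-ng's own format (magic quoted in the thread)
LINKTYPE_NETLINK = 253
ARPHRD_NETLINK = 824
COOKED_LEN = 16              # pkttype(2) + hatype(2) + unused(10) + family(2)
NLMSG_HDRLEN = 16

def classify_record(data):
    """Return ('cooked', family), ('bare', None) or ('unknown', None)."""
    if len(data) >= COOKED_LEN:
        hatype, family = struct.unpack_from("!H10xH", data, 2)
        if hatype == ARPHRD_NETLINK:
            return "cooked", family
    if len(data) >= NLMSG_HDRLEN:
        # Assumption: little-endian capture host (nlmsghdr is in host order).
        (nlmsg_len,) = struct.unpack_from("<I", data, 0)
        if NLMSG_HDRLEN <= nlmsg_len <= len(data):
            return "bare", None
    return "unknown", None

def inspect_pcap(blob):
    """Report file format, link type and the framing of each record."""
    magics = {struct.unpack_from(e + "I", blob, 0)[0]: e for e in "<>"}
    if NSNG_MAGIC in magics:
        # Per-record layout of this format is not given in the thread: not parsed.
        return {"format": "netsniff-ng", "linktype": None, "records": []}
    if PCAP_MAGIC not in magics:
        raise ValueError("not a classic or netsniff-ng pcap file")
    end = magics[PCAP_MAGIC]
    (linktype,) = struct.unpack_from(end + "I", blob, 20)
    records, off = [], 24
    while off + 16 <= len(blob):
        caplen = struct.unpack_from(end + "I", blob, off + 8)[0]
        data = blob[off + 16 : off + 16 + caplen]
        if len(data) < caplen:
            break                      # truncated final record
        records.append(classify_record(data))
        off += 16 + caplen
    return {"format": "pcap", "linktype": linktype, "records": records}

def build_sample():
    """Constructed two-record capture: one bare message, one with the cooked header."""
    nlmsg = struct.pack("<IHHII", 20, 16, 0, 1, 0) + b"\0" * 4
    cooked = struct.pack("!HH10xH", 4, ARPHRD_NETLINK, 16) + nlmsg
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_NETLINK)
    for pkt in (nlmsg, cooked):
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    print(inspect_pcap(build_sample()))
```

A record reported as `bare` in a file whose link type is 253 is the case the thread describes: the link type is recognisable as Netlink, but a dissector that expects the cooked header has no family field to read.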