Hi all,
I need to capture from 2 interfaces on a machine in promiscuous mode.
This is because we are routing a copy of 2 load balanced streams onto a
box for monitoring.
I'm aware it isn't possible (?) to listen on "any" with a pcap_open_live
in promiscuous as the flag is ignored, but is there
Hi again,
> Although you can't enable promiscuous mode on the "any" interface,
> enabling it on each of the direct interfaces will result in the "any"
> interface receiving all the traffic from each of the individual
interfaces > in promiscuous mode.
Worked a treat. Thanks all.
Pete
-
This
There is a different header for the "any" device (DLT_LINUX_SLL), it
looks like this:
2-byte packet type
2-byte field, containing a Linux ARPHRD_value for the link layer device
type;
2-byte field, containing the length of the link layer address of the
sender of the packet
8-byte field containi
If you do a man on pcap you'll get the information. Look for
DLT_LINUX_SLL, that's the type of header the ANY device is giving you.
If you don't have the man page locally, then it's here:
http://www.tcpdump.org/pcap3_man.html
- Pete
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EM
Hi again,
Any will return a header of type DLT_LINUX_SLL.
It's defined here: (From the man page)
---
DLT_LINUX_SLL
Linux "cooked" capture encapsulation; the link layer header
contains, in order:
a 2-byte "packet type", in network byte order, which is
