On Jul 3, 2013, at 3:49 AM, Daniel Borkmann <dbork...@redhat.com> wrote:
> For pcap interoperability, introduce a common link type for netlink > captures. What do the link-layer headers for this look like? > Netlink debugging workflow looks like the following: > > Setup: > modprobe nlmon > ip link add type nlmon > ip link set nlmon0 up > > Capture: > tcpdump -i nlmon0 ... Presumably making that work also involves changes to libpcap to support capturing on nlmon devices (so that DLT_NETLINK is returned for them) and, if you're not using the -w flag to tcpdump, changes to tcpdump to analyze DLT_NETLINK packets. _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
