On Wed, Aug 15, 2001 at 04:00:02PM +0200, Alexander Gabert wrote:
...
> and then view an octal dump of the captured files, i can see, that
> there is some kind of 'meta-data' in the binary dump of the tcpdump data
> that is not existing in the raw libpcap data.
>From the hex dumps you sent, the metadata is just the file header, which
"pcap_dump_open()" writes.
I tried the program from the AIX manuals (with some changes to get it to
compile on FreeBSD 3.4 and to have a filter that'd actually see
traffic), and it produced a capture file that had the file header and
that tcpdump had no problem reading.
I'd suggest doing some debugging of the libpcap source you're using, to
see why it's not writing the header.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
