> You need to make it use DLT_NULL or something like that (0 length link layer
> header) when constructing the BPF.
DLT_RAW, not DLT_NULL; DLT_NULL is an unfortunate name, as the
link-layer header for DLT_NULL isn't "null", it's a BSD AF_ value,
giving the network-layer packet type. DLT_RAW is the link-layer type
for packets with no link-layer header, where the packet starts with the
IP header.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
