On Sat, Apr 20, 2002 at 01:51:24AM +0200, Ferm�n Gal�n M�rquez wrote:
> I'm looking for a list of interfaces types in wich libpcap
> can work.
"Types" in what sense? Ethernet, token ring, FDDI, ATM, 802.11, etc.?
If so, the types for which it can generate filter code are:
BSD loopback devices
Linux loopback devices (which look like Ethernet devices)
Ethernet
802.5 Token Ring
ARCnet
SLIP
PPP
FDDI
ATM on some platforms, if it's doing RFC 1483-style
LLC-encapsulated traffic
"raw IP".
"Cisco HDLC" devices
802.11
Localtalk
However:
1) even though it includes code to generate filter code for
those types, it doesn't necessarily include code to handle
the actual capture operation for all those types on all OSes;
2) on Linux, it may be able to fall back on "cooked" captures
for other types.
> In adition, I'm interested in the specification
> of the libpcap file formats (ie, how is the structure of
> the file in wich tcpdump log traffic traces).
>
> Where can I find this information?
A list of the full set of DLT_ types (link-layer types) for Ethereal is
in the "pcap(3)" man page for recent versions of Ethereal from
tcpdump.org.
The libpcap file format isn't documented in a man page (although it
probably should be - unfortunately, there's no "standard" man page
section for file formats; it's 4 on some UNIXes, 5 on others). Were it
not almost 2AM here, I'd put it in this reply, but I'll send out a reply
at some point later (or try to other mail I've sent out, and use that).
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
