On Tue, Aug 06, 2002 at 05:49:48PM +0800, Iain McAleer wrote:
> I'm currently trying to get my sniffer to work with any link type, is there
> any documentation you can point me to regarding this with pcap?

Well, there's:

	1) the libpcap 0.7.1 and later man page, which enumerates DLT_
	   types and says what the type is and, if it's not a standard
	   link layer whose link-layer header is specified by some
	   standard, describes the link-layer header

and

	2) the standards in question.

IEEE 802.x standards are publicly available for free 6 months after
publication; see

	http://standards.ieee.org/getieee802/

> also is there a way to bypass the link and just deal with information
> from IP and above?

There is no mechanism for doing so in libpcap. You could, I guess, use
a filter of "ip" to see only IP packets (by default, there is, for
almost all link-layer types, no guarantee that the only packets you see
will be IP packets, and, in order to determine the packet type, you'd
have to look at the link-layer header), and then just ignore the
link-layer header, although for some link-layer types the link-layer
header is variable-length, so you can't just ignore it - you'd have to
look at enough of it to determine how long it is.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
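
The approach described in the reply above (look at just enough of the link-layer header to learn its length, then skip it), as an added example that is not part of the original message or of libpcap. The `EX_` names, `ipv4_offset` and the sample frame are assumptions made for illustration; the numeric link-type values mirror libpcap's DLT_EN10MB, DLT_RAW and DLT_LINUX_SLL on most platforms.

```c
#include <stddef.h>
#include <stdint.h>

/* Example names carrying the values of libpcap's DLT_ macros and the
   Ethernet type codes, so the block compiles without pcap.h. */
enum { EX_DLT_EN10MB = 1, EX_DLT_RAW = 12, EX_DLT_LINUX_SLL = 113,
       EX_ETH_IPV4 = 0x0800, EX_ETH_VLAN = 0x8100 };

/* Constructed sample: Ethernet frame with one 802.1Q tag, then IPv4. */
const unsigned char ex_vlan_frame[38] = { [12] = 0x81, 0x00, 0x00, 0x64, 0x08, 0x00, 0x45 };

static uint16_t be16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Offset of the IPv4 header in a captured frame, or -1 if the frame is not
   IPv4, is truncated, or the link type is not handled. caplen is the
   captured length, which can be shorter than the length on the wire. */
int ipv4_offset(int linktype, const unsigned char *pkt, size_t caplen)
{
    size_t off;
    uint16_t type;
    switch (linktype) {
    case EX_DLT_RAW:            /* no link-layer header at all */
        off = 0;
        break;
    case EX_DLT_LINUX_SLL:      /* fixed 16-byte cooked header, protocol at 14 */
        if (caplen < 16 || be16(pkt + 14) != EX_ETH_IPV4) return -1;
        off = 16;
        break;
    case EX_DLT_EN10MB:         /* 14 bytes plus 4 per 802.1Q tag: variable */
        off = 12;
        for (;;) {
            if (caplen < off + 2) return -1;
            type = be16(pkt + off);
            off += 2;
            if (type != EX_ETH_VLAN) break;
            off += 2;           /* skip the tag control information */
        }
        if (type != EX_ETH_IPV4) return -1;
        break;
    default:
        return -1;              /* unknown header layout: refuse to guess */
    }
    /* Require a full minimal IPv4 header and check the version nibble. */
    if (caplen < off + 20 || (pkt[off] >> 4) != 4) return -1;
    return (int)off;
}

int main(void) {  /* exit status 0 when the tagged sample resolves to offset 18 */
    return ipv4_offset(EX_DLT_EN10MB, ex_vlan_frame, sizeof ex_vlan_frame) == 18 ? 0 : 1;
}
```

Every read is checked against the captured length first, so a frame cut short by the snapshot length or malformed on purpose yields -1 rather than an out-of-bounds read.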