Joerg Mayer wrote:
> Hello List,
>
> I'm trying to enable some people to read some captures in libpcap format
> directly without having to change the binary capture packet first. The
> packet was captured using Cisco's ERSPAN feature. In their infinite
> wisdom, the engineers who implemented that feature chose a dlt-value of
> 0x71. What is the best way to handle that situation? Does someone else

Shoot the responsible engineer(s)? ;-)

> use pcap version 2.4 or could that be a way to find out whether it's
> some Cisco specific stuff or the regular WTAP_ENCAP_SLL?

I suppose you'll need heuristics like those described in the (long) comments in "wiretap/libpcap.c".

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev