Wireshark · Ethereal-dev: Re: [Ethereal-dev] Fix for IRIX and UNICOS/mp snoop loopback captures

Ethereal-dev: Re: [Ethereal-dev] Fix for IRIX and UNICOS/mp snoop loopback captures

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 11 Nov 2003 12:54:12 -0800


On Nov 11, 2003, at 12:36 PM, Brian Ginsbach wrote:

The following changes fix the decoding snoop loopback captures from
IRIX and UNICOS/mp.  With these changes loopback captures will be
decoded rather than show up as "Raw packet data".

Well, that appears to answer the question in a comment in libpcap'spcap-snoop.c:


        } else if (strncmp("lo", device, 2) == 0) {
                p->linktype = DLT_NULL;

ll_hdrlen = 4; /* is this just like BSD's loopbackdevice? */


The answer appears to be "not exactly".

You might want to look at doing a similar fix for tcpdump (more stuffin "null_if_print()" in "print-null.c", where it sets "family"), and dothe appropriate stuff in libpcap (you'd have to generate code to checkfor both BSD-style and IRIX-style headers - or, alternatively, tweak"pcap-snoop.c" so that, in "pcap_read_snoop()", if capturing on aDLT_NULL device it converts the first 4 bytes of the packet it read tolook like a BSD-style header).

References:
- [Ethereal-dev] Fix for IRIX and UNICOS/mp snoop loopback captures
  - From: Brian Ginsbach

Prev by Date: [Ethereal-dev] Fix for IRIX and UNICOS/mp snoop loopback captures
Next by Date: Re: [Ethereal-dev] Windows zlib 1.1.4 understand .gz files ?
Previous by thread: [Ethereal-dev] Fix for IRIX and UNICOS/mp snoop loopback captures
Next by thread: Re: [Ethereal-dev] Fix for IRIX and UNICOS/mp snoop loopback captures
Index(es):
- Date
- Thread