Wireshark-bugs: [Wireshark-bugs] [Bug 12018] netlink not decoded unless data link type set to ne

Date: Sat, 16 Jan 2016 21:10:57 +0000

Comment # 4 on bug 12018 from
When trying to open the 2nd attachment with master, I get:
===
The file "netlink-changed-dlt.pcap" isn't a capture file in a format Wireshark
understands.
===
It was edited with pcap, so maybe that's why, but Wireshark could open it (though
it didn't recognize the netlink part) before I updated Wireshark.

> Is there any program that creates such capture files? I just looked at some
> captures I made a while ago with a 3.14 kernel and the nlmon module. They all
> use DLT_NETLINK.

I don't think there is, but I work on a network simulator (ns3) which can
intercept capture packets, and I proposed a patch to dump them to pcap imitating
rtmon, i.e. setting the data link type to netlink. An upstream developer wondered
why DLT_NETLINK was needed for Wireshark to be able to decode my netlink pcap,
since the data link type should give a hint about the outer packets (?!) and the
netlink type is set in the SLL headers (his remark is here:
https://groups.google.com/forum/#!topic/ns-3-reviews/WyyJEWOqQf0). I think he
has a point, since SLL is also used when capturing from different interfaces
(with the "Any" adapter, I think), and thought I would check on Wireshark.
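
The two hints discussed in the comment above, the file-level data link type and the hardware type inside each packet's cooked (SLL) header, can be read side by side. This is an added example, not part of the original message and not Wireshark or ns-3 code; it assumes a classic pcap file (not pcapng), and `netlink_hints` and `sample_pcap` are hypothetical names with a constructed one-packet capture.

```python
import struct

LINKTYPE_LINUX_SLL = 113  # file-level link type: Linux cooked capture (SLL)
LINKTYPE_NETLINK = 253    # file-level link type: DLT_NETLINK
ARPHRD_NETLINK = 824      # per-packet hardware type of a netlink (nlmon) device
PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)  # microsecond / nanosecond timestamps


def netlink_hints(pcap):
    """Return (linktype, [(hatype, protocol, is_netlink), ...]) for a classic pcap."""
    if len(pcap) < 24:
        raise ValueError("too short for a pcap file header")
    for endian in "<>":
        if struct.unpack_from(endian + "I", pcap, 0)[0] in PCAP_MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file")
    # Low 16 bits hold the link type; the upper bits can carry FCS information.
    linktype = struct.unpack_from(endian + "I", pcap, 20)[0] & 0xFFFF
    packets, offset = [], 24
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, offset + 8)[0]
        data = pcap[offset + 16:offset + 16 + incl_len]
        if len(data) < incl_len:
            raise ValueError("truncated packet record")
        offset += 16 + incl_len
        if linktype in (LINKTYPE_LINUX_SLL, LINKTYPE_NETLINK) and incl_len >= 16:
            # Both link types start each packet with a 16-byte cooked header whose
            # fields are big-endian: hardware type at offset 2, protocol at offset 14.
            hatype, = struct.unpack_from("!H", data, 2)
            protocol, = struct.unpack_from("!H", data, 14)
            packets.append((hatype, protocol, hatype == ARPHRD_NETLINK))
        else:
            packets.append((None, None, False))
    return linktype, packets


def sample_pcap(linktype, hatype):
    """Constructed one-packet capture: cooked header followed by a bare nlmsghdr."""
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    # Protocol field 0 is NETLINK_ROUTE when the hardware type is netlink.
    cooked = struct.pack("!HHH8sH", 4, hatype, 0, b"", 0)
    nlmsg = struct.pack("<IHHII", 16, 3, 0, 1, 0)  # NLMSG_DONE, no payload
    packet = cooked + nlmsg
    return file_hdr + struct.pack("<IIII", 0, 0, len(packet), len(packet)) + packet


if __name__ == "__main__":
    for lt in (LINKTYPE_LINUX_SLL, LINKTYPE_NETLINK):
        print(netlink_hints(sample_pcap(lt, ARPHRD_NETLINK)))
```

For the constructed packets, both link types report the same per-packet hardware type (824); only the file-level value differs.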

