On Sep 18, 2008, at 3:08 AM, Gaurav1 Jain wrote:
I want to understand how libpcap identifies a particular data link
layer?
As indicated, this is more of a tcpdump-workers@xxxxxxxxxxx question,
as it's a libpcap question.
Currently we are tapping IP interfaces using WireShark where there
could be either HDLC or Transparent traffic without IP header
attached to it.
"Without IP header attached to it"? Do you mean that there's no data
link layer header *or* IP header, so that the packet begins with an
ICMP/UDP/TCP/SCTP/etc. header? Or do you mean that there's no data
link layer header but there *is* an IP header, so the packet begins
with an IP header?
I assume, from your other mail, that this is on Linux.
Are those "interfaces" regular network interfaces (so that libpcap
captures on them the same way it captures on, for example, Ethernet or
802.11 interfaces), or have you added a new interface type to libpcap?