> That sounds promising, I will go for pcap-format with raw IP
> encapsulation. To start with, how do I discard nettl/Ethernet headers?
> Should I use tshark and text2pcap, manually removing the headers in
> ASCII, or is there a better way?
Hmm, that would not work, I guess.
I guess the easiest (and dirtiest) way would be to hack
wiretap/nettl.c:nettl_dump() and construct a custom "struct
pcaprec_ss990915_hdr" and pass this one to wtap_dump_file_write()
instead of the nettlrec_hdr. Would this work?
Cheers,
Andrej
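
As an added example (not part of the original mail and not Wireshark code): the header discard asked about above, done directly on the pcap bytes. It assumes the trace is already available as a classic pcap file with Ethernet link type; the function names and the sample capture are constructed for illustration.

```python
import struct

LINKTYPE_ETHERNET, LINKTYPE_RAW = 1, 101   # pcap link types; 101 = raw IP
IP_ETHERTYPES = {0x0800, 0x86DD}           # IPv4, IPv6
VLAN_ETHERTYPES = {0x8100, 0x88A8}         # 802.1Q and 802.1ad tags

def l2_header_len(frame):
    """Bytes of Ethernet (+VLAN) header before the IP header, or None if not IP."""
    off = 12                               # skip destination and source MAC
    while len(frame) >= off + 2:
        (ethertype,) = struct.unpack_from("!H", frame, off)
        if ethertype not in VLAN_ETHERTYPES:
            return off + 2 if ethertype in IP_ETHERTYPES else None
        off += 4                           # step over one VLAN tag
    return None                            # frame too short to classify

def ethernet_to_raw_ip(data):
    """Rewrite a classic Ethernet pcap (bytes) as a raw-IP pcap (bytes)."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if e is None:
        raise ValueError("not a classic microsecond-resolution pcap")
    fields = struct.unpack_from(e + "HHiIII", data, 4)
    if fields[5] != LINKTYPE_ETHERNET:
        raise ValueError("input link type is not Ethernet")
    out = [struct.pack(e + "IHHiIII", 0xA1B2C3D4, *fields[:5], LINKTYPE_RAW)]
    pos = 24                               # first record follows the file header
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl, orig = struct.unpack_from(e + "IIII", data, pos)
        frame = data[pos + 16 : pos + 16 + incl]
        pos += 16 + incl
        if len(frame) < incl:
            break                          # truncated final record
        hdr = l2_header_len(frame)
        if hdr is None:
            continue                       # ARP etc. cannot be stored as raw IP
        out.append(struct.pack(e + "IIII", ts_sec, ts_usec, incl - hdr, orig - hdr))
        out.append(frame[hdr:])            # record now starts at the IP header
    return b"".join(out)

def sample_capture():
    """Constructed input: one IPv4, one ARP and one VLAN-tagged IPv6 frame."""
    macs = bytes(12)
    frames = [macs + b"\x08\x00" + b"\x45" + bytes(19),
              macs + b"\x08\x06" + bytes(28),
              macs + b"\x81\x00\x00\x0a\x86\xdd" + b"\x60" + bytes(39)]
    cap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        cap += struct.pack("<IIII", 1 + i, 0, len(f), len(f)) + f
    return cap
```

Non-IP frames are dropped rather than kept, because a raw IP capture has no link-layer field left to say what they are.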