On Sun, May 04, 2008 at 11:03:54PM -0700, Guy Harris wrote:
|Malcolm Herbert wrote:
|> In this case it seems that there's a 1:1 relationship between HDLC frame
|> and TCP packet,
|
|If, for any protocol running atop TCP, there is a 1:1 relationship
|between a TCP segment and a packet for that protocol, it should be
|assumed to be the result of pure luck
understood ... it just seems to be the way it's implemented in userppp
from looking at the packet traces ...
|> actually this seems to be the most feasible - I already have most of the
|> code to do this bit already. Is there any documentation to tell me what
|> format Wireshark expects data to be in on stdin?
|
|libpcap format - either use pcap_dump_open() and pcap_dump() in libpcap,
|or see
|
| http://wiki.wireshark.org/Development/LibpcapFileFormat
excellent ... ta
--
Malcolm Herbert This brain intentionally
mjch@xxxxxxxx left blank
