Wireshark · Ethereal-dev: [Ethereal-dev] What link-type value do I need to feed for ethrreal to display the IP, ICMP and TCP/U

Ethereal-dev: [Ethereal-dev] What link-type value do I need to feed for ethrreal to display th

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Thu, 4 Mar 2004 16:49:18 +0530

Could you please help me in solving my technical query on ether-real?

I am trying to "create" a binary tcpdump file compatible with the LibPCap file format. I want to display the IP header, ICMP header and the TCP/UDP header of every incoming-outgoing packet.

For the above, I am using the link-type (the last 4 bytes of the tcpdump file-header) to be 101 (which I got from the savefile.c of WinPCap). That number, is really for Raw IP and not the one I want.

Questions:

1. What value should I write in my binary file for the link-type so that etherreal would display me the IP header, ICMP, TCP/UDP headers ?

2. Is it that I will have to separate the incoming packet and break it into IP, TCP/UDP and then create separate record headers from them and dump the stuff in the tcpdump file as separate records? Or simply dumping the entire packet (with perhaps a proper link-type being set) should do the trick for me?

I tried posting my message at the forum but I am not quite sure why my posts are not appearing in the forum.

Looking forward for your help.

Kind regards,

Viren

Follow-Ups:
- Re: [Ethereal-dev] What link-type value do I need to feed for ethrreal to display the IP, ICMP and TCP/UDP correct
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] Changed required automake to 1.6 and autoconf to 2.53
Next by Date: Re: [Ethereal-dev] SVN 1.0 binaries available
Previous by thread: Re: [Ethereal-dev] SVN 1.0 binaries available
Next by thread: Re: [Ethereal-dev] What link-type value do I need to feed for ethrreal to display the IP, ICMP and TCP/UDP correct
Index(es):
- Date
- Thread