Wireshark-dev: Re: [Wireshark-dev] How to capture original packet ?
From: "Wen Cheng" <[email protected]>
Date: Thu, 11 Oct 2007 17:40:25 +0800
May be you need to wite a kernel module to do this. To register a hook function in netfilter architecture will get you the real packet rather then a copy of it.

On 10/11/07, Vivek Satpute <[email protected]> wrote:
Respected Sir/Madam,

I am student of Pune University, doing project on WAN Emulator.

I have following query :
wireshark uses the libpcap library which gives the copy of packet.
So, How to capture the original packet at data link layer or network layer ?

We want to experiment the behavior by adding delays to those packets, and
that is why we want the actual packet and a copy of packet wont serve purpose.

Thanks in advance.

Wireshark-dev mailing list
[email protected]