Hi Everybody,
First of all, I am not sure if this is the right place to ask this question.
How can I determine the protocol running on data link layer (i.e., Ethernet, Wi-Fi 802.11, etc) while analyzing packets in a "merged" dumped file with pcap format if the pcap file contains a mixture of packets with various data link layer protocols ?
libpcap has pcap_datalink(...) function allowing us to determine the data link layer protocol for live capture -- it gets this information directly from the actual network interface that is sniffed on.
However, in the case of offline analysis, it seems pcap_datalink() will not work since it is not possible to know what kind of interface those packets came from.
Any idea ?
Thanks.
