Well, I have it creating pcap files, but tcpdump doesn't like them.
And the structure definitions in libpcap don't agree with those on the
web page
https://wiki.wireshark.org/Development/LibpcapFileFormat so
I'm going to have to reverse-engineer tcpdump to find out just what it's
really expecting. But we're partway there.
- Brian
On Mon, May 08, 2017 at 12:46:02PM -0700, Tom Hayward wrote:
Would you consider changing the format to pcap or pcapng? This would
allow viewing the packets in Wireshark. The format isn't much more
complicated than the format you've chosen:
https://wiki.wireshark.org/Development/LibpcapFileFormat
Tom KD7LXL
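
An added example, not code from either poster: a minimal writer and validating reader for the classic pcap layout described on the linked wiki page, with the 24-byte global header and the 16-byte per-record header as they appear on disk. The link type 147 (LINKTYPE_USER0), the timestamps and the frame bytes are constructed placeholders, since the thread does not say which link type is in use.

```python
import struct

MAGIC_USEC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
GLOBAL_HDR = "IHHiIII"    # magic, major, minor, thiszone, sigfigs, snaplen, network
RECORD_HDR = "IIII"       # ts_sec, ts_usec, incl_len, orig_len

def write_pcap(packets, linktype, snaplen=65535):
    """packets: iterable of (ts_sec, ts_usec, frame_bytes). Returns the file as bytes."""
    out = [struct.pack("<" + GLOBAL_HDR, MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype)]
    for sec, usec, frame in packets:
        if not 0 <= usec < 1_000_000:
            raise ValueError("ts_usec out of range")
        kept = frame[:snaplen]  # incl_len may be shorter than orig_len
        # On disk the timestamp is always two 32-bit fields, whatever the
        # size of the platform's in-memory struct timeval.
        out.append(struct.pack("<" + RECORD_HDR, sec, usec, len(kept), len(frame)))
        out.append(kept)
    return b"".join(out)

def read_pcap(blob):
    """Parse and validate; returns (linktype, [(ts_sec, ts_usec, orig_len, data)])."""
    if len(blob) < 24:
        raise ValueError("short global header")
    first = struct.unpack_from("<I", blob)[0]
    if first == MAGIC_USEC:
        order = "<"
    elif first == 0xD4C3B2A1:  # same magic, written by a big-endian host
        order = ">"
    else:
        raise ValueError("bad magic %#x" % first)
    _, major, minor, _, _, snaplen, linktype = struct.unpack_from(order + GLOBAL_HDR, blob)
    if (major, minor) != (2, 4):
        raise ValueError("unsupported version")
    records, pos = [], 24
    while pos < len(blob):
        if len(blob) - pos < 16:
            raise ValueError("truncated record header")
        sec, usec, incl, orig = struct.unpack_from(order + RECORD_HDR, blob, pos)
        pos += 16
        if incl > snaplen or incl > orig or incl > len(blob) - pos:
            raise ValueError("bad incl_len at offset %d" % (pos - 16))
        records.append((sec, usec, orig, blob[pos:pos + incl]))
        pos += incl
    return linktype, records

# Constructed sample: two made-up frames, link type 147 as a placeholder.
SAMPLE = write_pcap([(1494272762, 0, b"\x01\x02\x03"), (1494272763, 500000, b"hello")], 147)
```

Running `read_pcap` over a generated file before handing it to tcpdump pinpoints the offset of the first record whose lengths do not add up.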