Well, I have it creating pcap files, but tcpdump doesn't like them.
And the structure definitions in libpcap don't agree with those on the web page https://wiki.wireshark.org/Development/LibpcapFileFormat so I'm going to have to reverse-engineer tcpdump to find out just what it's really expecting. But we're partway there.
- Brian
On Mon, May 08, 2017 at 12:46:02PM -0700, Tom Hayward wrote:
Would you consider changing the format to pcap or pcapng? This would allow viewing the packets in Wireshark. The format isn't much more complicated than the format you've chosen:
https://wiki.wireshark.org/Development/LibpcapFileFormat
Tom KD7LXL
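For reference alongside this thread, the classic pcap layout described on the linked wiki page, written and re-checked field by field. This is an added example, not code from either poster or from the project under discussion; the function names are hypothetical, and link type 1 (Ethernet) and host byte order are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Classic pcap on-disk layout: 24-byte global header, then a 16-byte header
   before each packet, all fixed-width fields. libpcap's in-memory
   struct pcap_pkthdr holds a struct timeval and is not this layout. */
#define PCAP_MAGIC 0xa1b2c3d4u  /* microsecond timestamps, writer's byte order */
#define GLOBAL_LEN 24
#define RECORD_LEN 16

static void put32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static void put16(uint8_t *p, uint16_t v) { memcpy(p, &v, 2); }
static uint32_t get32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Write the global header in host byte order; returns bytes written. */
size_t pcap_put_global(uint8_t *out, uint32_t snaplen, uint32_t linktype) {
    put32(out, PCAP_MAGIC);
    put16(out + 4, 2); put16(out + 6, 4);   /* version 2.4 */
    put32(out + 8, 0);                      /* thiszone */
    put32(out + 12, 0);                     /* sigfigs */
    put32(out + 16, snaplen);
    put32(out + 20, linktype);              /* 1 = Ethernet (assumed here) */
    return GLOBAL_LEN;
}

/* Write one record, truncating the stored bytes at snaplen. */
size_t pcap_put_record(uint8_t *out, uint32_t sec, uint32_t usec,
                       const uint8_t *pkt, uint32_t len, uint32_t snaplen) {
    uint32_t incl = len > snaplen ? snaplen : len;
    put32(out, sec); put32(out + 4, usec);  /* 32-bit ts_sec, ts_usec */
    put32(out + 8, incl);                   /* incl_len: bytes stored */
    put32(out + 12, len);                   /* orig_len: bytes on the wire */
    memcpy(out + RECORD_LEN, pkt, incl);
    return RECORD_LEN + incl;
}

/* Walk a same-byte-order capture; returns record count, or -1 if malformed. */
int pcap_count_records(const uint8_t *buf, size_t n) {
    if (n < GLOBAL_LEN || get32(buf) != PCAP_MAGIC) return -1;
    uint32_t snaplen = get32(buf + 16);
    size_t off = GLOBAL_LEN;
    int count = 0;
    while (off < n) {
        if (n - off < RECORD_LEN) return -1;
        uint32_t incl = get32(buf + off + 8), orig = get32(buf + off + 12);
        if (incl > orig || incl > snaplen || incl > n - off - RECORD_LEN) return -1;
        off += RECORD_LEN + incl;
        count++;
    }
    return count;
}
```

Writing the buffer to disk with `fwrite` gives a file whose first 24 bytes and every record header can be compared against a hex dump of a capture that tcpdump itself produced.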