-------------------
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-dev@xxxxxxxxxxxxx.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-dev
-------------------
Viral Mehta wrote:
Thanks for your valuable input..
Now I m stuck up with "what is Link Layer Type". I googled it and find some
number assigned to particular type and etc etc.. But what is it? Is it the
protocol I am using at DataLinkLayer?
Yes. See the list of LINKTYPE_ values in the "savefile.c" source file
in the libpcap source for a full list of link-layer type values.
Secondly, Why do we have TimezoneOffset and TimeStampAccuracy fields if they
are not used at all?
I don't know why they put them there. Perhaps they reserved them for
future use, but never used them?
What is a per-packet header? Will we have it when we don't write information
to a file?
As far as I know they give information about time after 1 Jan
1970 and such things.. But if I don't do tcpdump -w sample.cap and instead
give a simple command tcpdump sample.cap... Will I have all these
information?
If you give the command "tcpdump sample.cap", what you will have is an
error message:
$ tcpdump sample.cap
tcpdump: parse error
because it's interpreting "sample.cap" as a filter expression, and it's
not a valid filter expression.
If you give the command "tcpdump -r sample.cap", then "sample.cap" will
have to have the per-packet headers.
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
