Forum Discussion
hooleylist
Dec 30, 2008
Cirrostratus
I think it's :nnn
tcpdump -ni 0.0:000 -s0 -w/var/tmp/test.dmp
tcpdump: unrecognized interface name: 0.0:000
tcpdump -ni 0.0:nnn -s0 -w/var/tmp/test.dmp
tcpdump: listening on 0.0:nnn
Using tcpdump to read the file you can see extra fields at the end of the normal info. I'm assuming the Wireshark patch parses this info.
tail-type 1 len 33 f5-low ver[0] fty[0] fid[00000000] pid[00000000] cfl[00000000] flg[0001] pgr[0] pun[0] lis= tail-type 2 len 6 f5-med ver[0] ins[0] inp[0] ha[0] tail-type 3 len 40 f5-hi ver[0] pra[00000000:00000000:00000000:00000000] pla[00000000:00000000:00000000:00000000] prp[0] plp[0] pip[0] pvl[0]
Can someone send me a compiled version of the modified Wireshark version (hooleylists at gmail dot com)? I can't easily compile it without reworking my existing Cygwin installation.
Thanks,
Aaron
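
For working with these captures without the patched Wireshark, the trailer text that tcpdump prints can be split into its three `tail-type` blocks with a short script. This is an added example, not part of the original post and not F5 or Wireshark code; `parse_trailers` is a hypothetical name, and the field names are kept exactly as printed, with no interpretation of what they mean.

```python
import re

# Trailer text copied from the tcpdump output quoted in the post above.
SAMPLE = (
    "tail-type 1 len 33 f5-low ver[0] fty[0] fid[00000000] pid[00000000] "
    "cfl[00000000] flg[0001] pgr[0] pun[0] lis= "
    "tail-type 2 len 6 f5-med ver[0] ins[0] inp[0] ha[0] "
    "tail-type 3 len 40 f5-hi ver[0] "
    "pra[00000000:00000000:00000000:00000000] "
    "pla[00000000:00000000:00000000:00000000] prp[0] plp[0] pip[0] pvl[0]"
)

# One block: "tail-type <n> len <bytes> <level>", then everything up to the
# next block header or the end of the line.
BLOCK_RE = re.compile(
    r"tail-type (\d+) len (\d+) (\S+)(.*?)(?=tail-type \d+ len |\Z)", re.S
)
# A field is printed as name[value] or name=value; the value may be empty,
# as in the trailing "lis=" of the first block.
FIELD_RE = re.compile(r"(\w+)(?:\[([^\]]*)\]|=(\S*))")


def parse_trailers(line):
    """Return one dict per tail-type block found in a line of tcpdump text.

    Anything before the first block (the normal packet summary) is skipped,
    and a line without trailers yields an empty list.
    """
    blocks = []
    for m in BLOCK_RE.finditer(line):
        fields = {}
        for name, bracketed, assigned in FIELD_RE.findall(m.group(4)):
            fields[name] = bracketed or assigned
        blocks.append({
            "type": int(m.group(1)),
            "len": int(m.group(2)),    # length as reported by tcpdump
            "level": m.group(3),       # f5-low / f5-med / f5-hi
            "fields": fields,
        })
    return blocks


if __name__ == "__main__":
    for block in parse_trailers(SAMPLE):
        print(block["type"], block["level"], block["len"], block["fields"])
```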