Hi,
Better contact the TCPdump/libpcap mailing list
(http://www.tcpdump.org/) and WinPcap (http://www.winpcap.org) mailing
list and ask how to get ahead. A DLT_ value could be all you need?
Thanx,
Jaap
Will Barker wrote:
We currently produce PC-based WAN products. These include support for
synchronous protocols such as X.25, PPP etc.
We can currently capture frames using our own drivers/applications on
Windows and Linux, save this information to file (in libpcap format)
which can then subsequently be read by Wireshark.
While this is useful it would be great if we could achieve the same
thing but in real-time.
I assume that this could (technically) be achieved on Windows either by
1) extending WinPcap in some way to enable it to capture our frames
and pass them up to Wireshark
2) sit alongside WinPcap and offer the frames up to Wireshark
directly ourselves
I assume 2) would require us to produce our own capture driver (NDIS on
Windows) which Wireshark would see as a pseudo LAN driver and we could
pass our WAN frames up to it using some (libpcap-based?) format or other?
Can anyone point me in the right direction as to how to achieve this?
Developing the NDIS driver itself is not a problem since we’ve lots of
experience there – the issue is one of interfaces and what is required
in that regard in order for us to interface to Wireshark as seamlessly
as possible.
The next question would then be – how to achieve the same thing on Linux?
Thanks
Will
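
Added example, not part of the original messages and not code from either poster: a minimal writer for the classic libpcap file format that tags frames with a link-layer type (the DLT_ value mentioned in the reply), with a bounds-checked reader for the same stream. The function names and the PPP frame are constructed for illustration; PPP (link type 9) stands in for whichever WAN encapsulation is being captured.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
LINKTYPE_PPP = 9          # DLT_PPP: tells the reader how to dissect each frame
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, captured length, original length


def write_header(out, linktype, snaplen=65535):
    out.write(GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))


def write_frame(out, frame, ts_sec, ts_usec, snaplen=65535):
    captured = frame[:snaplen]
    out.write(RECORD_HDR.pack(ts_sec, ts_usec, len(captured), len(frame)))
    out.write(captured)
    out.flush()  # a live reader on a pipe only sees flushed records


def read_capture(data):
    """Parse a capture, rejecting bad magic and truncated or oversized records."""
    if len(data) < GLOBAL_HDR.size:
        raise ValueError("truncated global header")
    magic, _, _, _, _, snaplen, linktype = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap stream")
    frames, off = [], GLOBAL_HDR.size
    while off < len(data):
        if len(data) - off < RECORD_HDR.size:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl, orig = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if incl > snaplen or incl > orig or off + incl > len(data):
            raise ValueError("record length out of bounds")
        frames.append((ts_sec, ts_usec, data[off:off + incl]))
        off += incl
    return linktype, frames


def build_sample():
    # Constructed sample: PPP LCP Configure-Request (protocol 0xC021), not real traffic.
    lcp = bytes.fromhex("ff03c021" "01010004")
    buf = io.BytesIO()
    write_header(buf, LINKTYPE_PPP)
    write_frame(buf, lcp, 1700000000, 250000)
    return buf.getvalue(), lcp
```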