Wireshark-users: Re: [Wireshark-users] Nettl HP-UX
From: Andrej van der Zee <andrejvanderzee@xxxxxxxxx>
Date: Mon, 20 Jun 2011 02:53:35 +0200
> That sounds promising, I will go for pcap-format with raw IP
> encapsulation. To start with, how do I discard nettl/Ethernet headers?
> Should I use tshark and text2pcap, manually removing the headers in
> ASCII, or is there a better way?

Hmm that would not work I guess.

I guess the easiest (and dirtiest) way would be to hack
wiretap/nettl.c:nettl_dump() and construct a custom "struct
pcaprec_ss990915_hdr" and pass this one to wtap_dump_file_write()
instead of the nettlrec_hdr. Would this work?

Cheers,
Andrej