[Click] FromDump format

Harald Schiöberg harald at net.t-labs.tu-berlin.de
Wed Sep 9 08:46:57 EDT 2009


María Gómez wrote:
> Hello clickers!!
> 
> I have a couple of questions about the FromDump element:
> 
> 1- I have captured the traffic with tcpdump and wireshark and with
> 'FromDevice(ath0)-> ToDump(capture.dump)' (I use .dump and .cap),
> but I don't know if the file format is correct. That is, the format
> must be in some specific way?

FromDump uses pcap format[1], which is a binary format containing some
meta-data and the literal packets. Use tcpdump -w to write pcap files.

> For example:
> 'time' IP 1.0.0.1.1234 2.0.0.2.1234 : UDP, length 80

This is an ASCII pretty print, but not a dump format.

> 2- Why not print IPPrint element? My configuration:

Because it again gives you some pretty print, but no pcap file.

harald

[1] e.g. http://wiki.wireshark.org/Development/LibpcapFileFormat


--
Harald Schiöberg
Technische Universität Berlin | T-Laboratories | FG INET
www: http://www.net.t-labs.tu-berlin.de
Phone: +49-(0)30-8353-58476 | Fax: +49-(0)391 534 783 47
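
One way to check whether a capture file is the binary pcap format the reply describes, or a text pretty print like the tcpdump line quoted in the question. This is an added example, not part of the original thread; the function name and the sample bytes are constructed for illustration, and only the classic pcap global header is recognised.

```python
import struct
import sys

# Classic pcap global header, 24 bytes:
# magic(4) ver_major(2) ver_minor(2) thiszone(4) sigfigs(4) snaplen(4) linktype(4)
PCAP_HEADER_LEN = 24
MAGIC_USEC = 0xA1B2C3D4  # timestamps in microseconds
MAGIC_NSEC = 0xA1B23C4D  # timestamps in nanoseconds

# Constructed samples: a little-endian pcap 2.4 header (Ethernet, snaplen 65535)
# and the ASCII line quoted in the question.
SAMPLE_PCAP = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
SAMPLE_TEXT = b"'time' IP 1.0.0.1.1234 2.0.0.2.1234 : UDP, length 80\n"


def inspect_capture(data: bytes) -> dict:
    """Classify the first bytes of a capture file as pcap or not."""
    if len(data) < PCAP_HEADER_LEN:
        return {"pcap": False, "reason": "shorter than the 24-byte pcap header"}
    # The writer's byte order is unknown, so try both when reading the magic.
    for endian, name in (("<", "little"), (">", "big")):
        (magic,) = struct.unpack(endian + "I", data[:4])
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
                endian + "HHiIII", data[4:PCAP_HEADER_LEN])
            return {"pcap": True, "byte_order": name,
                    "nanosecond": magic == MAGIC_NSEC,
                    "version": (major, minor),
                    "snaplen": snaplen, "linktype": linktype}
    # No pcap magic: separate a text pretty print from other binary data.
    head = data[:64]
    if all(32 <= b < 127 or b in (9, 10, 13) for b in head):
        return {"pcap": False, "reason": "ASCII text (pretty print), not a dump"}
    return {"pcap": False, "reason": "binary, but no pcap magic number"}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(inspect_capture(fh.read(64)))
    else:
        print(inspect_capture(SAMPLE_PCAP))
        print(inspect_capture(SAMPLE_TEXT))
```

Run with a file name as the only argument to check a real capture; without arguments it classifies the two constructed samples.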


