Charles Lepple wrote:
> For instance, if I create a .pcap file with "text2pcap -l 189 ..." on
> a big-endian machine, then the .pcap file seems not to have the
> byte-swapped flag set.
There's no byte-swapped flag in a libpcap file. There's only a magic
number, which is written out in host byte
On 1/23/07, Paolo Abeni <[EMAIL PROTECTED]> wrote:
> The linux header is enforced in host byte order by the wiretap/libpcap
> code: when a capture saved on by a host with different endianess is
> loaded and the data link is of the capture is DLT_USB_LINUX, the linux
> header fields are swapped.
On
On 1/23/07, Paolo Abeni <[EMAIL PROTECTED]> wrote:
> Please give the endianess-related stuff a serious review, because I
> can't test it across machine with different endianess.
I'm going to take a look at it, but do you have any sample captures
for the new format?
It might be good to differentia
hello,
the attached patch update the usb dissector and wiretap to sync with
current libpcap for usb sniffing.
The data link type for usb capture has been changed (and is now
DLT_USB_LINUX 189). Each usb 'packet' is preceded by a linux specific
header in host byte order. The usb data and usb heade
