Hi, Better contact the TCPdump/libpcap mailing list (http://www.tcpdump.org/) and WinPcap (http://www.winpcap.org) mailing list and ask how to get ahead. A DLT_ value could be all you need?
Thanx, Jaap Will Barker wrote: > We currently produce PC-based WAN products. These include support for > synchronous protocols such as X.25, PPP etc. > > We can currently capture frames using our own drivers/applications on > Windows and linux, save this information to file (in libpcap format) > which can then subsequently be read by wireshark. > > While this is useful it would be great if we could achieve the same > thing but in real-time. > > I assume that this could (technically) be achieved on Windows either by > > 1) extending winpcap in someway to enable it to capture our frames > and pass them up to Wireshark > > 2) sit alongside winpcap and offer the frames up to wireshark > directly ourselves > > I assume 2) would require us to produce our own capture driver (NDIS on > Windows) which Wireshark would see as a pseudo LAN driver and we could > pass our WAN frames up to it using some (libpcap-based?) format or other? > > Can anyone point me in the right direction as to how to achieve this? > Developing the NDIS driver itself is not a problem since we’ve lots of > experience there – the issue is one of interfaces and what is required > in that regard in order for us to interface to wireshark as seamlessly > as possible. > > The next question would then be – how to achieve the same thing on linux? > > Thanks > > Will _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
