[tcpdump-workers] Compile libpcap with DLT_LINUX_SLL2

Bill Fenner fenner at gmail.com
Fri Mar 13 07:35:54 EDT 2020


The "-y" flag to tcpdump allows you to specify capturing with
DLT_LINUX_SLL2.

//tmp @fenner-t493.sjc% tcpdump -i any -y linux_sll2 udp port 53

tcpdump: data link type linux_sll2

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length
262144 bytes

04:34:16.440349 ifindex 2 (e-a4c-281e9814) Out 8e:18:55:e1:02:4b (oui
Unknown) ethertype IPv4 (0x0800), length 81: me.45555 > dnsserver.domain:
53929+ A? www.tcpdump.org. (33)


  Bill

On Wed, Mar 11, 2020 at 2:49 PM Petr Vorel via tcpdump-workers <
tcpdump-workers at lists.tcpdump.org> wrote:

>
>
>
> ---------- Forwarded message ----------
> From: Petr Vorel <petr.vorel at gmail.com>
> To: Guy Harris <guy at alum.mit.edu>
> Cc: tcpdump-workers at lists.tcpdump.org, Denis Ovsienko <denis at ovsienko.info
> >
> Bcc:
> Date: Wed, 11 Mar 2020 19:49:18 +0100
> Subject: Compile libpcap with DLT_LINUX_SLL2
> Hi Guy,
>
> some time ago we did together DLT_LINUX_SLL2 support for libpcap.
> I don't remember the details, but IMHO it was enabled by default.
> When now I compile libpcap and tcpdump, it's still using DLT_LINUX_SLL:
>
> tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), ...
>
> What do I do wrong?
>
> Kind regards,
> Petr
>
>
>
> ---------- Forwarded message ----------
> From: Petr Vorel via tcpdump-workers <tcpdump-workers at lists.tcpdump.org>
> To: Guy Harris <guy at alum.mit.edu>
> Cc: tcpdump-workers at lists.tcpdump.org
> Bcc:
> Date: Wed, 11 Mar 2020 14:48:19 -0400 (EDT)
> Subject: [tcpdump-workers] Compile libpcap with DLT_LINUX_SLL2
> _______________________________________________
> tcpdump-workers mailing list
> tcpdump-workers at lists.tcpdump.org
> https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
>


More information about the tcpdump-workers mailing list