Re: tcpdump and pcapng with comments

[Mahesh V <maheshvenkateshwaran () gmail com>]

Hi Folks

I added some code (modified) tcpdump to write the pcapng file.
while configuring/compiling the source code I get this error
This is a cross compilation for ARM platform

configure: error: *flex is insufficient to compile libpcap.*
 libpcap requires Flex 2.5.31 or later, or a compatible version of lex.

# flex -V
flex 2.5.37
Same error is true for bison/m4. (I am not sure what is that tool for)

Any help in this regard?


On Sat, Apr 5, 2025 at 12:27 AM Guy Harris <gharris () sonic net> wrote:

> On Apr 4, 2025, at 11:29 AM, Michael Richardson <mcr () sandelman ca> wrote:
>
> > I can't recall if we can read pcapng.
>
> libpcap - and thus programs, such as tcpdump, that use libpcap to read
> capture files - can read some pcapng files, as long as the current libpcap
> API can handle them.  That's been the case since libpcap 1.1.
>
> However, "as long as the current libpcap API can handle them" means that:
>
>         1) all of the sections of the pcapng file must have the same byte
> order, as the current API reports a single byte order for the entire file;
>
>         2) all interfaces in all sections of the pcapng file must have the
> same link-layer header type and snapshot length, as the current API reports
> a single link-layer header type and snapshot length for the entire file;
>
>         3) block types other than packet blocks can't be reported to the
> caller;
>
>         4) options such as comments can't be reported to the caller.
_______________________________________________
tcpdump-workers mailing list -- tcpdump-workers () lists tcpdump org
To unsubscribe send an email to tcpdump-workers-leave () lists tcpdump org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s