[Winpcap-users] Using DLT_USERx link type for unknown protocol
guy at alum.mit.edu
Thu Jun 7 18:44:46 GMT 2007
c-keel at gmx.de wrote:
> It is not able to capture the protocol because it is not supported
> by NDIS (and I guess exactly that is the problem I did not realize first).
> Second, the hardware is very special and also the drivers for it. Special
> also means that it is not sold as often as an ethernet card.
> I'm going to add an additional capture mechanism, that's true.
OK, so you'd probably want to modify pcap_open_live() in
wpcap/libpcap/pcap-win32.c, so that, before the
p = (pcap_t *)malloc(sizeof(*p));
if (p == NULL)
snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
it looks at the "device" string to see if it refers to your device and,
if so, calls your open routine (which would allocate the pcap_t
structure and fill it in).
Then set the read_op, setfilter_op, etc. pointers to other functions you
write for the device. Have it use DLT_USER0 as the link-layer type.
More information about the Winpcap-users