[Winpcap-users] Using DLT_USERx link type for unknown protocol

Guy Harris guy at alum.mit.edu
Thu Jun 7 18:44:46 GMT 2007

c-keel at gmx.de wrote:

> It is not able to capture the protocol because it is not supported 
> by NDIS (and I guess exactly that is the problem I did not realize first).
> Second, the hardware is very special and also the drivers for it. Special 
> also means that it is not sold as often as an ethernet card.
> I'm going to add an additional capture mechanism, that's true.

OK, so you'd probably want to modify pcap_open_live() in 
wpcap/libpcap/pcap-win32.c, so that, before the

         p = (pcap_t *)malloc(sizeof(*p));
         if (p == NULL)
                 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 
                 return (NULL);

it looks at the "device" string to see if it refers to your device and, 
if so, calls your open routine (which would allocate the pcap_t 
structure and fill it in).

Then set the read_op, setfilter_op, etc. pointers to other functions you 
write for the device.  Have it use DLT_USER0 as the link-layer type.

More information about the Winpcap-users mailing list