Hi, I've used this document to dump netlink communications to a pcap: http://lists.sandelman.ca/pipermail/tcpdump-workers/2014-October/000027.html I then open this pcap with wireshark 1.10.6 . It is recognized as a SLL protocol ("Encapsulation type: Linux cooked-mode capture (25)") but the data is not parsed, I thought that wireshark would be able to tell me if the packet was a request/control message, from which family etc... I was wondering if it was possible to do that ? Cheers asked 26 May '15, 14:57  teto |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
