I tried to use the command "ssldump -r capture.pcap" to process a packet capture I had taken with Ethereal on Linux. I saw no output at all. When I stepped through pcap_cb in gdb, I understood why. The value of pcap_if_type was 113, which is DLT_LINUX_SLL. I added a case statement at line 143 of pcap-snoop.c as follows:
    case DLT_LINUX_SLL:
        /* skip the 16-byte Linux cooked-capture (SLL) header */
        data+=16;
        len-=16;
        break;
That hack worked.
Ken Ballou (ballou at crab dot mv dot com)
Sigh ... I meant also to add that the system in question is a RedHat 7.3 system. The version of ssldump is ssldump-0.9b3. The libpcap version is 0.6.2.
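The header skip described in the report, as an added example that is not part of the original posts or of ssldump's source. It goes beyond the posted case statement by checking the captured length before skipping 16 bytes and by reading the protocol field of the cooked-capture header; the helper name sll_ip_offset and the sample frames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DLT_LINUX_SLL 113     /* link type value reported in the post */
#define SLL_HDR_LEN   16      /* fixed length of the cooked-capture header */
#define ETHERTYPE_IP  0x0800

/* SLL header layout (all fields big-endian):
 *   0-1  packet type      2-3  ARPHRD type    4-5  address length
 *   6-13 link-layer address (padded)          14-15 protocol (EtherType)
 */

/* Hypothetical helper: returns the offset of the IPv4 packet inside an SLL
 * frame, -1 if the frame is too short to hold the header, or -2 if the
 * protocol field is not IPv4. */
int sll_ip_offset(const uint8_t *data, size_t len)
{
    if (data == NULL || len < SLL_HDR_LEN)
        return -1;                  /* skipping 16 bytes would run past the capture */
    unsigned proto = ((unsigned)data[14] << 8) | data[15];
    if (proto != ETHERTYPE_IP)
        return -2;                  /* e.g. ARP: no IP packet follows */
    return SLL_HDR_LEN;
}

/* Constructed sample: SLL header followed by the first bytes of an IPv4 header. */
static const uint8_t SAMPLE_IP[] = {
    0x00, 0x00,  0x00, 0x01,  0x00, 0x06,            /* to us, ARPHRD_ETHER, addr len 6 */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x00, 0x00,  /* source address, padded to 8 */
    0x08, 0x00,                                      /* protocol: IPv4 */
    0x45, 0x00, 0x00, 0x28                           /* start of the IPv4 header */
};

/* Constructed sample: header only, with protocol 0x0806 (ARP). */
static const uint8_t SAMPLE_ARP[] = {
    0x00, 0x01,  0x00, 0x01,  0x00, 0x06,
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x00, 0x00,
    0x08, 0x06
};

int main(void)
{
    printf("IPv4 frame: %d\n", sll_ip_offset(SAMPLE_IP, sizeof SAMPLE_IP));
    printf("ARP frame:  %d\n", sll_ip_offset(SAMPLE_ARP, sizeof SAMPLE_ARP));
    printf("truncated:  %d\n", sll_ip_offset(SAMPLE_IP, 10));
    return 0;
}
```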