pcap_open_dead模拟整个UDP数据包捕获 [英] pcap_open_dead to simulate full UDP packets capture

问题描述

这是关于PCAP文件创建我的问题的后续行动，我现在想模拟保存完整的UDP包，包括以太网，IP和UDP报头。

Following up on my question about pcap file creation, I now would like to simulate the saving of a full UDP packet, including the Ethernet, IP and UDP headers.

我应该使用哪种类型DLT_XXX？我相信pcap_dump（）以太网头rel=\"nofollow\">跳过。

Which DLT_XXX type should I use? I believe pcap_dump() skips the Ethernet header when using pcap_open_dead(DLT_RAW, 65535).

推荐答案

如果您想模拟一个完整的UDP在IP的以太网数据包，你要 DLT_EN10MB （以下简称10MB之名是历史的; DLT_EN10MB 的真正含义所有类型的以太网）。

If you want to simulate a full UDP-over-IP-over-Ethernet packet, you want DLT_EN10MB (the "10MB" in the name is historical; DLT_EN10MB really means "all types of Ethernet").

（ DLT_RAW 是其中最低级别的头是为IP数据包，它不跳过的以太网帧头，这意味着你不必提供以太网头，事实上，它需要你的不的提供对一个 - 如果你的做的规定之一，它会被写入到文件，这会混淆读取文件的程序，因为他们会期望包开始与IPv4或IPv6报头，而不是一个以太网报头）。

(DLT_RAW is for packets where the lowest-level headers are for IP; it doesn't skip the Ethernet header, it means that you don't have to provide an Ethernet header and, in fact, it requires that you don't provide one - if you do provide one, it'll be written to the file, which will confuse programs reading the file, as they'll expect the packets to begin with an IPv4 or IPv6 header, not an Ethernet header.)

这篇关于pcap_open_dead模拟整个UDP数据包捕获的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！