Subject: tcpdump file format
To: None <netbsd-users@netbsd.org>
From: Yutaka KAWASE <yutaka@mailhost.net>
List: netbsd-users
Date: 12/01/2001 04:07:43
Hi all,

I wonder if I could read a tcpdump output file which was created with the -w
option on a Linux box. I mean I can't do "tcpdump -r" on a NetBSD box.

In particular, I did "tcpdump -w somefile" on a Red Hat 7.0 box and the
'somefile' is now on a NetBSD-1.5.2 box. Now it says,
me@nbsd:~$ tcpdump -r somefile 
tcpdump: bad dump file format
me@nbsd:~$ file somefile 
somefile: extended tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 144)
me@nbsd:~$ 

I found a comment in /usr/share/misc/magic like this:

#
# "libpcap"-with-Alexey-Kuznetsov's-patches capture files.
# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
# the main program that uses that format, but there are other programs
# that use "libpcap", or that use the same capture file format.)
#
0       ubelong         0xa1b2cd34      extended tcpdump capture file (big-endian)
>4      beshort         x               - version %d
>6      beshort         x               \b.%d
>20     belong          0               (No link-layer encapsulation
>20     belong          1               (Ethernet

[snip]

0       ulelong         0xa1b2cd34      extended tcpdump capture file (little-endian)

Maybe I should apply Alexey Kuznetsov's patch and re-compile
tcpdump in my home directory or somewhere, but I don't know where I
could find the patch.

Can someone give me a clue??

And what is this patch for, actually?

-- 
Yutaka KAWASE <me@yk.tp>
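As an added example that is not part of the original post or of tcpdump, here is a small Python parser for the 24-byte pcap global header the magic(5) entries above describe. It tells the standard magic (0xa1b2c3d4) apart from the "extended" one (0xa1b2cd34), handles both byte orders, and reproduces the `file` description from the post on a constructed header; the 24-byte per-record header for the extended variant is taken from how Wireshark's libpcap reader treats that format, not from the post.

```python
import struct

# Global-header magic values: the standard libpcap value and the "extended"
# (Kuznetsov-patched) value that the quoted magic(5) entries match.
MAGICS = {
    0xa1b2c3d4: "tcpdump capture file",
    0xa1b2cd34: "extended tcpdump capture file",
}
LINKTYPES = {0: "No link-layer encapsulation", 1: "Ethernet"}


def describe_pcap_header(data: bytes) -> dict:
    """Parse the 24-byte pcap global header and report which variant it is.

    Both byte orders are tried on the magic; version, snaplen and link type
    are then decoded in that order. Unknown magic raises ValueError, which is
    the condition an unpatched tcpdump reports as "bad dump file format".
    """
    if len(data) < 24:
        raise ValueError("short file: need at least 24 header bytes")
    for order, name in (("<", "little-endian"), (">", "big-endian")):
        magic = struct.unpack(order + "I", data[:4])[0]
        if magic in MAGICS:
            break
    else:
        raise ValueError("bad dump file format: magic %s" % data[:4].hex())
    # Fields after the magic: version_major, version_minor, thiszone,
    # sigfigs, snaplen, linktype (offsets 4..24, as in the magic file).
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    extended = magic == 0xa1b2cd34
    return {
        "kind": MAGICS[magic],
        "byte_order": name,
        "version": f"{major}.{minor}",
        "snaplen": snaplen,
        "linktype": LINKTYPES.get(linktype, f"linktype {linktype}"),
        "extended": extended,
        # Per-record header: 16 bytes in standard libpcap; the extended
        # variant appends ifindex (4), protocol (2), pkt_type (1), pad (1).
        "record_header_len": 24 if extended else 16,
    }


def format_like_file(info: dict) -> str:
    """Render the header summary in the style of the file(1) output above."""
    return (f"{info['kind']} ({info['byte_order']}) - version {info['version']} "
            f"({info['linktype']}, capture length {info['snaplen']})")


# Constructed sample header matching the poster's `file somefile` output:
# little-endian, extended magic, version 2.4, snaplen 144, linktype 1.
SAMPLE = struct.pack("<IHHiIII", 0xa1b2cd34, 2, 4, 0, 0, 144, 1)
```

Running `format_like_file(describe_pcap_header(SAMPLE))` yields the same description that `file` printed for the poster, and the `record_header_len` field is the reason a stock tcpdump cannot read the file: it would misparse every record after the header.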