So LINUX_SLL is a "cooked" capture file format- meaning that it's not a physical layer 2 header, but rather a fake header that Linux uses when you're capturing on multiple interfaces. It also means that you can have a mix of interface types (such as both ethernet and loopback for e...
> Input plugins are automatically selected by the DLT of the pcap. > Output plugins allow rewriting the header. So you'll want to use --dlt=enet > to select the DLT_EN10MB output plugin to convert to ethernet. You'll > probably also need to specify --enet-dmac and --enet-smac since...
have to provide that information manually. Frankly, using "tcpdump -i any" while seems convenient at capture time, is often more work/pain in the long run for this reason. Input plugins are automatically selected by the DLT of the pcap. Output plugins allow rewriting the header. So you'll...