From owner-freebsd-hackers  Thu Jul 30 09:57:06 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA20442
          for freebsd-hackers-outgoing; Thu, 30 Jul 1998 09:57:06 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from alpha.xerox.com (omega.Xerox.COM [13.1.64.95])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id JAA20433
          for <hackers@FreeBSD.ORG>; Thu, 30 Jul 1998 09:57:03 -0700 (PDT)
          (envelope-from fenner@parc.xerox.com)
Received: from mango.parc.xerox.com ([13.1.102.232]) by alpha.xerox.com with SMTP id <40671(1)>; Thu, 30 Jul 1998 09:55:39 PDT
Received: from mango.parc.xerox.com (localhost [127.0.0.1])
	by mango.parc.xerox.com (8.8.8/8.8.8) with ESMTP id JAA13547;
	Thu, 30 Jul 1998 09:55:37 -0700 (PDT)
	(envelope-from fenner@mango.parc.xerox.com)
Message-Id: <199807301655.JAA13547@mango.parc.xerox.com>
To: Dennis <dennis@etinc.com>
cc: hackers@FreeBSD.ORG
Subject: Re: TCPDUMP 
In-reply-to: Your message of "Tue, 28 Jul 1998 09:55:12 PDT."
             <199807281657.MAA21402@etinc.com> 
Date: Thu, 30 Jul 1998 09:55:36 PDT
From: Bill Fenner <fenner@parc.xerox.com>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

What are you putting in the DLT_NULL header?  Filters work fine
with most point-to-point devices with DLT_NULL header, which is a
4-byte value (in host byte order) containing the address family of
the packet.  tcpdump (well, libpcap) makes sure that this first word
contains AF_INET as part of any filter you might create.

  Bill

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message