obormot
commented
1 year ago pcap.Writer has the linktype parameter, set to Ethernet (DLT_EN10MB) by default https://github.com/kbandla/dpkt/blob/master/dpkt/pcap.py#L241
Try setting it to DLT_RAW and see if it helps
brightpinefield
Hello all,
Not sure if this is a bug or if I'm doing something wrong. I have pcaps that are in raw IPv6 and I'm trying to split up traffic based on port numbers such as DNS port 53. When I use the writepkt I end up with a pcap that is Ethernet.. I've attached a couple of pcaps as example. In the DNS pcap I've attached you can see that the packets don't come across properly and there is no DNS info at all but it did exist in the original sample pcap.
pcaps.zip