chifflier
commented
9 months ago Hi, Thank you for your contribution. This looks good to me, even if there are no specifications nor test files that I can use. Merged, thanks
Closed jgamba-te closed 9 months ago
chifflier
commented
9 months ago Hi, Thank you for your contribution. This looks good to me, even if there are no specifications nor test files that I can use. Merged, thanks
Hello,
this PR adds support for Apple specific PIB (process information blocks) which contain metadata about the process originating a given packet. These blocks contain some basic info about the processes (process name and command for instance). There is no public documentation about these blocks that I could find but Apple did release their version of
libpcapwhich contains some details (see for instance: https://github.com/apple-opensource/libpcap/blob/master/libpcap/pcap/pcap-ng.h#L330).To test this you will need a Mac and capture packets with the PKTAP interface: