tcpdump mailing list archives
Re: Request for new DLT number
From: Gianluca Varenni <Gianluca.Varenni () riverbed com>
Date: Tue, 28 Dec 2010 20:23:37 -0800
This is what PPI does. http://www.cacetech.com/documents/PPI%20Header%20format%201.0.10.pdf There is already a DLT for PPI (DLT_PPI). The only difference from your solution is that the minimum header before the packet is 8 bytes (instead of 4). The advantage is that Wireshark already supports this DLT. Have a nice day GV -----Original Message----- From: tcpdump-workers-owner () lists tcpdump org [mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of Darren Reed Sent: Tuesday, December 28, 2010 7:02 PM To: tcpdump-workers () lists tcpdump org Subject: [tcpdump-workers] Request for new DLT number I've been looking through all of the DLT decoders looking for one that has just the DLT number in the header but I couldn't find one. Is there an existing DLT that matches this description? Otherwise, I'd like to request DLT_DLT (or something like that) be allocated to represent a 4 byte (network order) integer value that describes the DLT of the following data. In pcap files, it would roughly translate to the following being possible: [pcap file header, dlt = DLT_DLT] [pcap header with time stamp] [4 bytes, = DLT_EN10MB] [ethernet packet] [pcap header with time stamp] [4 bytes, = DLT_PPP] [ppp packet] Yes, I understand that "next gen pcap" can do this, no I don't want to use "next gen pcap" because that amount of change is just too big. Darren - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Request for new DLT number Darren Reed (Dec 28)
- Re: Request for new DLT number Gianluca Varenni (Dec 28)
- Re: Request for new DLT number Gianluca Varenni (Dec 29)
- Re: Request for new DLT number Guy Harris (Dec 29)