tcpdump mailing list archives
Re: Link-Layer Header Type request for USBPcap
From: Guy Harris <guy () alum mit edu>
Date: Mon, 25 Mar 2013 03:08:48 -0700
On Mar 25, 2013, at 2:48 AM, Tomasz Moń <desowin () gmail com> wrote:
For the USBPcap project I would like to request a new link-layer header type value: LINKTYPE_USBPCAP DLT_USBPCAP Capture format specification is available at the project website [1] and could be described as pseudo-header for USB packets captured using USBPcap on Microsoft Windows.
#pragma pack(1)
typedef struct
{
USHORT headerLen; /* This header length */
UINT64 irpId; /* I/O Request packet ID */
So headerLen is at an offset of 0, and irpId is at an offset of 2, right?
o irpId is merely a pointer to IRP casted to the UINT64
I.e., it's an 64-bit cookie whose bits have no particular significance, given that, within a file, there's nothing for it to point to.
o transfer determines the transfer type and thus the header type. See below for details.
o dataLength specifies the total length of transfer data to follow directly after the header.
Transfer-specific headers
Presumably the "transfer-specific header" follows the USBPCAP_BUFFER_PACKET_HEADER in the packet data, with the transfer data following the transfer-specific header. _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- Link-Layer Header Type request for USBPcap Tomasz Moń (Mar 25)
- Re: Link-Layer Header Type request for USBPcap Guy Harris (Mar 25)
- Re: Link-Layer Header Type request for USBPcap Tomasz Moń (Mar 25)
- Re: Link-Layer Header Type request for USBPcap Guy Harris (Mar 27)
- Re: Link-Layer Header Type request for USBPcap Tomasz Moń (Mar 25)
- Re: Link-Layer Header Type request for USBPcap Guy Harris (Mar 25)