tcpdump mailing list archives
Re: Request for new DLT
From: Anders Broman <anders.broman () ericsson com>
Date: Mon, 24 Jun 2013 14:45:48 +0000
-----Original Message-----
From: Anders Broman
Sent: den 19 juni 2013 19:23
To: 'mcr () sandelman ca'
Cc: tcpdump-workers () lists tcpdump org
Subject: RE: [tcpdump-workers] Request for new DLT

-----Original Message-----
From: mcr () sandelman ca [mailto:mcr () sandelman ca]
Sent: den 19 juni 2013 14:50
To: Anders Broman
Cc: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] Request for new DLT

Anders Broman <anders.broman () ericsson com> wrote:
    Anders> Hi, Any chance of getting forward on this? I'm not sure what I
    Anders> should change/make clearer to get this request accepted. We now
    Anders> have another use case in Wireshark: - Exporting decrypted packets
    Anders> from SSL sessions by "cutting" them off after the SSL layer and
    Anders> saving the file with the new DLT value the TLV:s and then the
    Anders> PDU:s Following after the SSL layer. Regards Anders Broman

After the pcap is created, how will another tool know what's in these payloads? That's our fundamental question. Can anyone other than the original person who saved these files have a clue what dissector to apply?
Forgive me if I'm just not seeing where this information is going to be.
If not, then one of the PCAP private values makes sense.

Currently there are two tags defined to indicate which protocol the packet block starts with:

    #define EXP_PDU_TAG_LINKTYPE 11   /**< The value part is the linktype value defined by tcpdump
                                       * http://www.tcpdump.org/linktypes.html
                                       */
    #define EXP_PDU_TAG_PROTO_NAME 12 /**< The value part should be an ASCII non NULL terminated string
                                       * of the short protocol name used by Wireshark e.g "sip"
                                       * Will be used to call the next dissector.
                                       */

The Wireshark implementation currently only uses EXP_PDU_TAG_PROTO_NAME.
Is this good enough?
Regards
Anders Broman

Ping?

--
] Never tell me the odds!                       | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works  | network architect  [
] mcr () sandelman ca http://www.sandelman.ca/  | ruby on rails      [

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
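
Added example, not part of the original message and not Wireshark's code: a bounds-checked C walk over the tag header that looks for the two tags quoted above, since the protocol name read from the file decides which dissector runs next. The wire layout (16-bit big-endian tag and length, tag 0 ending the list, 32-bit big-endian linktype value) and the names exp_pdu_parse, exp_pdu_info and EXP_PDU_TAG_END_OF_OPT are assumptions; the message does not state them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define EXP_PDU_TAG_END_OF_OPT  0  /* assumed terminator tag (not in the message) */
#define EXP_PDU_TAG_LINKTYPE   11  /* from the message above */
#define EXP_PDU_TAG_PROTO_NAME 12  /* from the message above */
struct exp_pdu_info {
    int      has_linktype;
    uint32_t linktype;
    char     proto_name[32];  /* NUL-terminated copy, empty if tag absent */
    size_t   payload_off;     /* where the exported PDU starts */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Walk the TLVs; return 0 on success, -1 if truncated or malformed. */
int exp_pdu_parse(const uint8_t *buf, size_t len, struct exp_pdu_info *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);
    for (;;) {
        if (len - off < 4) return -1;             /* no room for tag + length */
        uint16_t tag = be16(buf + off), vlen = be16(buf + off + 2);
        off += 4;
        if (vlen > len - off) return -1;          /* value overruns the record */
        const uint8_t *v = buf + off;
        off += vlen;
        if (tag == EXP_PDU_TAG_END_OF_OPT) { out->payload_off = off; return 0; }
        if (tag == EXP_PDU_TAG_LINKTYPE) {
            if (vlen != 4) return -1;             /* assumed 32-bit big-endian */
            out->linktype = ((uint32_t)be16(v) << 16) | be16(v + 2);
            out->has_linktype = 1;
        } else if (tag == EXP_PDU_TAG_PROTO_NAME) { /* reject empty, long, repeated */
            if (!vlen || vlen >= sizeof out->proto_name || out->proto_name[0]) return -1;
            for (size_t i = 0; i < vlen; i++)     /* printable ASCII only */
                if (v[i] < 0x21 || v[i] > 0x7e) return -1;
            memcpy(out->proto_name, v, vlen);     /* memset above supplies the NUL */
        }                                         /* unknown tags are skipped */
    }
}

/* Constructed sample: PROTO_NAME "sip", end-of-options, then 3 payload bytes. */
static const uint8_t sample[] = { 0,12, 0,3, 's','i','p', 0,0, 0,0, 'I','N','V' };
int main(void)
{
    struct exp_pdu_info info;
    int rc = exp_pdu_parse(sample, sizeof sample, &info);
    printf("rc=%d proto=%s payload_off=%zu\n", rc, info.proto_name, info.payload_off);
    return rc;
}
```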