Re: Request for new pcap/pcapng DLT Format

[chris_bontje () selinc com]

Hi Guy,

Those names sound good to me for the RTAC serial captures.

After looking a little closer, I suspect that since the RTAC platform is 
Linux-based, the programmers used the libpcap library to perform captures 
and that library is responsible for the output of the SLL format.  I'll 
revise the comments section in the code header to clarify a little bit 
more on that point.

Regards,

Chris Bontje
Schweitzer Engineering Labs
Automation Application Specialist, SW Region
(509)334-5664
chris_bontje () selinc com




From:   Guy Harris <guy () alum mit edu>
To:     chris_bontje () selinc com
Cc:     tcpdump-workers () lists tcpdump org
Date:   05/20/2013 12:33 PM
Subject:        Re: [tcpdump-workers] Request for new pcap/pcapng DLT 
Format




On May 13, 2013, at 1:04 PM, chris_bontje () selinc com wrote:

> Hi, I would like to request a custom DLT type for the Schweitzer 
> Engineering Laboratories "RTAC" product.  Information on the 
> product/purpose of the DLT is included below:

Do LINKTYPE_RTAC_SERIAL/DLT_RTAC_SERIAL sound like good names?

> All Ethernet-based capture files will have a packets with a "Linux 
Cooked 
> Capture" Ethernet-header

That's not an Ethernet header:

                 http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html

Any particular reason not to use LINKTYPE_ETHERNET/DLT_EN10MB, rather than 
LINKTYPE_LINUX_SLL/DLT_LINUX_SLL, for Ethernet captures?
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers