tcpdump mailing list archives

Re: Request for new DLT


From: Anders Broman <anders.broman () ericsson com>
Date: Tue, 21 May 2013 14:15:53 +0000



From: Pascal Quantin [mailto:pascal.quantin () gmail com] 
Sent: den 19 maj 2013 10:25
To: Michael Richardson
Cc: Anders Broman; tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] Request for new DLT

Hi Michael,

2013/5/18 Michael Richardson <mcr () sandelman ca>

"Pascal" == Pascal Quantin <pascal.quantin () gmail com> writes:
    Pascal> Anders Broman, Wireshark core developer, is currently designing an export
    Pascal> functionality for PDUs and would need a DLT allocated for this new
    Pascal> functionality.
    Pascal> You will find below the email he tried to send to this mailing list a few
    Pascal> days ago and that got bounced. I hope mine will go through
    Pascal> :)

sorry.

    Anders> I would need a DLT for a wrapper around higher level PDUs or per-packet
    Anders> DLTs. The format is multipurpose and consists of a number of TLVs
    Anders> preceding the actual PDU.
    Anders> There are TLVs which describe which protocol the PDU is and meta data
    Anders> such as IP address and port (if the transport protocol(s) are stripped off).

    Anders> The format can be used by logging functions in various nodes, say after
    Anders> deserialization (SS7 over TDM), decryption (GSM/UMTS/LTE nodes?) etc.
    Anders> Tag values and an outline of the format can be found here:
    Anders> http://anonsvn.wireshark.org/viewvc/trunk/epan/exported_pdu.h?revision=49285&view=markup

Looks like a rather sane TLV structure.
Is it intended to be used beyond SS7 stuff?

    Pascal> Anders can describe it better than me, but the format intends to be versatile. It allows you to export any
    Pascal> higher level PDUs in a pcap file while maintaining some basic information about the lower layers
    Pascal> (like the transport one). The current code sample in Wireshark is for the SIP protocol, but could be extended
    Pascal> to any protocol if there is a need. With a DLT allocated, it would allow the feature to work out of
    Pascal> the box without any user configuration required (right now the implementation is mapped on a user DLT, so
    Pascal> you must configure Wireshark accordingly).
    Pascal> For example I would see a use for it for the logging capabilities of a mobile phone that uses higher layer
    Pascal> protocols decoded by Wireshark without the traditional network oriented transport layers. Right now
    Pascal> I need to play tricks with user DLT and it prevents mixing protocols.

Yes, the intention is to have a versatile format that can fulfill many needs. One more use case could be to save
decrypted application signaling. The intention is to publish the TLV list and description
a bit more prominently - Wireshark's wiki? - once the format stabilizes and the most useful TLVs have been defined.

Regards
Anders 
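As an added illustration of the wrapper described in this thread (this is not Wireshark's code; the tag numbers and the 16-bit tag / 16-bit length, 4-byte-padded layout are assumptions chosen for the example, not the values in exported_pdu.h), here is a small Python encoder and parser for a TLV-prefixed PDU carrying protocol name, IPv4 addresses and ports. The parser bounds-checks every length, so a truncated or malformed record is rejected instead of being over-read, and skips tags it does not know, which is what lets such a format grow without breaking older readers.

```python
import socket
import struct

# Illustrative tag numbers (assumed for this example; not the real exported_pdu.h values).
TAG_END_OF_OPT = 0
TAG_PROTO_NAME = 1
TAG_IPV4_SRC = 2
TAG_IPV4_DST = 3
TAG_SRC_PORT = 4
TAG_DST_PORT = 5


def _tlv(tag, value):
    """One option: 16-bit tag, 16-bit length, value padded to a 4-byte boundary."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", tag, len(value)) + value + b"\x00" * pad


def wrap_pdu(proto, src_ip, dst_ip, src_port, dst_port, pdu):
    """Build the wrapper: metadata TLVs, an end-of-options TLV, then the raw PDU."""
    header = (_tlv(TAG_PROTO_NAME, proto.encode())
              + _tlv(TAG_IPV4_SRC, socket.inet_aton(src_ip))
              + _tlv(TAG_IPV4_DST, socket.inet_aton(dst_ip))
              + _tlv(TAG_SRC_PORT, struct.pack("!I", src_port))
              + _tlv(TAG_DST_PORT, struct.pack("!I", dst_port))
              + _tlv(TAG_END_OF_OPT, b""))
    return header + pdu


def unwrap_pdu(buf):
    """Parse TLVs up to end-of-options and return (metadata dict, pdu bytes).
    Each length is checked against the remaining buffer before it is used."""
    meta, off = {}, 0
    while True:
        if off + 4 > len(buf):
            raise ValueError("truncated TLV header")
        tag, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("TLV length exceeds buffer")
        val = buf[off:off + length]
        off += length + (-length) % 4   # step over the value and its padding
        if tag == TAG_END_OF_OPT:
            break
        if tag == TAG_PROTO_NAME:
            meta["proto"] = val.decode()
        elif tag in (TAG_IPV4_SRC, TAG_IPV4_DST):
            if length != 4:
                raise ValueError("IPv4 TLV must be 4 bytes")
            meta["src_ip" if tag == TAG_IPV4_SRC else "dst_ip"] = socket.inet_ntoa(val)
        elif tag in (TAG_SRC_PORT, TAG_DST_PORT):
            if length != 4:
                raise ValueError("port TLV must be 4 bytes")
            meta["src_port" if tag == TAG_SRC_PORT else "dst_port"] = struct.unpack("!I", val)[0]
        # any other tag is skipped: unknown metadata must not break the reader
    return meta, buf[off:]
```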
