tcpdump mailing list archives
Re: Request for a new DLT for MTP2 with FCS
From: Guy Harris <guy () alum mit edu>
Date: Thu, 8 Feb 2007 19:32:10 -0800
On Feb 8, 2007, at 1:22 PM, Stephen Donnelly wrote:
As a question to the community in general, is it true that the link layer checksum is not normally included in libpcap records,
No.For example, sometimes a frame in a DLT_EN10MB capture might have the CRC, and other times it might not. Unfortunately, there's currently no mechanism in libpcap - or in the capture mechanism used on at least one family of OSes where that can happen (BPF) - to indicate which frames have a CRC and which don't, so Wireshark, for example, has a hack^Wheuristic to try to figure it out.
That can't be indicated with a different DLT_ value, because packets that are sent *by* the machine doing the capture don't have the CRC. It has to be done on a per-packet basis.
and that only frames with valid L2 checksums are normally captured?
That's not necessarily the case, either; I think some BSD drivers, for example, will put the adapter in "accept even bad packets" mode when a BPF ioctl is done to put it in promiscuous mode.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Request for a new DLT for MTP2 with FCS Florent . Drouin (Feb 06)
- Re: Request for a new DLT for MTP2 with FCS Stephen Donnelly (Feb 06)
- Re: Request for a new DLT for MTP2 with FCS Florent . Drouin (Feb 08)
- Re: Request for a new DLT for MTP2 with FCS Stephen Donnelly (Feb 08)
- Re: Request for a new DLT for MTP2 with FCS Guy Harris (Feb 08)
- Re: Request for a new DLT for MTP2 with FCS Florent . Drouin (Feb 08)
- Re: Request for a new DLT for MTP2 with FCS Stephen Donnelly (Feb 06)