tcpdump mailing list archives

Re: Request for a new DLT


From: "Fulko Hew" <fulko.hew () gmail com>
Date: Tue, 17 Jul 2007 13:18:23 -0400

On 7/17/07, Guy Harris <guy () alum mit edu> wrote:
Fulko Hew wrote:
> I am formally requesting a new DLT value to support capture traffic
> from my company's

So that'd be SITA:

        http://www.sita.aero/default.htm

Correct.

> LAN/WAN router/protocol converter device.
>
> Since this device supports WAN protocols, this new DLT will be
> used to provide/indicate that the data stream contains a
> number of WAN port specific pieces of information such as:
>
> - message direction
> - hardware signal line states (RTS, CTS, DCD, etc.)
> - transmit/receive error/status bits.
> - a protocol type indicator (Frame Relay, LAPB, IPARS, UTS, etc.)

So a given capture can have packets in it with multiple different
protocol types?

A given capture will be attached to a particular WAN port, and a port
can only support one protocol at a time so...

a given capture will only ever have a single protocol within it,
but since the header is common for all protocols, I thought it was better to
ask for a single DLT rather than one DLT per protocol.
Basically this DLT defines 'serial WAN' support but throws in some proprietary
(embedded protocol implementation) handling too.

For example, I thought of supporting DLT_FR for frame relay, but then I
would have been required to pass 'data' only.  This way I can pass the other
useful info too.


> This 5 byte header/control-structure will be prefixed to each captured
> data packet, but will not be considered as part of the 'data packet'
> that will be decoded as part of Wireshark, etc.

So will the format of that header be public, or private?

Public.

I will also be releasing (minimal) Wireshark dissectors for this DLT
as well as the two 'airline industry' related protocols.

Unfortunately SITA isn't being contracted to create the dissectors,
but I will be providing some minimal dissectors (that our customer (may) extend).
(Or I might do it during my copious spare time.)
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.