Re: Request for new DLT and LINKTYPE value

["Edgar, Thomas" <thomas.edgar () pnl gov>]

On Apr 12, 2010, at 4:26 PM, Guy Harris wrote:
> > I am posting to request a value for DLT_SERIAL and LINKTYPE_SERIAL for use with libpcap.  I am  >working on a 
> > project to update libpcap and Wireshark to capture and parse RS232 and RS485 traffic  >(written such that it could 
> > handle a wide range of serial protocols but targeted toward a specific  >application).
>
> What form of packet framing are you doing?  Neither libpcap nor tcpdump nor Wireshark nor... can >handle a stream of 
> bytes not ultimately broken up into packets of some sort.
>
> The framing could be as simple as just dropping packet boundaries in at arbitrary points.

We are targeting framed protocols over serial, such as the serial versions of DNP3 and Modbus, and not free form serial 
like ASCII commands to a console.  I am using a time threshold since last data received to define frames to try to 
accommodate the majority of serial protocols out there; with the understanding of course that some may not capture 
correctly this way.  A timer is monitored once the first chunk of data is received and if the time threshold is reached 
before receiving more data then whatever is in the buffer is considered a complete frame.  Modbus RTU (or the serial 
version of Modbus) does framing in a similar method.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.