tcpdump mailing list archives
Re: Request for new DLT
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Sun, 19 May 2013 10:25:27 +0200
Hi Michael,

2013/5/18 Michael Richardson <mcr () sandelman ca>

> "Pascal" == Pascal Quantin <pascal.quantin () gmail com> writes:
>
> Pascal> Anders Broman, Wireshark core developer, is currently designing an export
> Pascal> functionality for PDUs and would need a DLT allocated for this new
> Pascal> functionality.
>
> Pascal> You will find below the email he tried to send to this mailing list a few
> Pascal> days ago and that got bounced. I hope mine will go through
> Pascal> :)
>
> sorry.
>
> Anders> I would need a DLT for a wrapper around higher level PDUs or per-packet
> Anders> DLTs. The format is multipurpose and consists of a number of TLVs
> Anders> preceding the actual PDU.
>
> Anders> There are TLVs which describe which protocol the PDU is and metadata
> Anders> such as IP address and port (if the transport protocol(s) are stripped off).
>
> Anders> The format can be used by logging functions in various nodes, say after
> Anders> deserialization (SS7 over TDM), decryption (GSM/UMTS/LTE Nodes?) etc.
>
> Anders> Tag values and an outline of the format can be found here
> Anders> http://anonsvn.wireshark.org/viewvc/trunk/epan/exported_pdu.h?revision=49285&view=markup
>
> Looks like a rather sane TLV structure.
> Is it intended to be used beyond SS7 stuff?
Anders can describe it better than me, but the format intends to be versatile. It allows you to export any higher level PDUs in a pcap file while maintaining some basic information about the lower layers (like the transport one).

The current code sample in Wireshark is for the SIP protocol, but could be extended to any protocol if there is a need. With a DLT allocated, it would allow the feature to work out of the box without any user configuration required (right now the implementation is mapped on a user DLT, so you must configure Wireshark accordingly).

For example, I would see a use for it for the logging capabilities of a mobile phone that uses higher layer protocols decoded by Wireshark without the traditional network oriented transport layers. Right now I need to play tricks with user DLT and it prevents mixing protocols.

Regards,
Pascal.

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
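The wrapper discussed in this message (TLVs preceding the PDU) is the kind of header a reader has to walk with strict length checks, since every length field comes from an untrusted capture file. The following is an added example, not code from the post or from Wireshark: the 16-bit big-endian tag and length fields, the zero-length end tag, the tag numbers and all names are assumptions, and the real values are in the `exported_pdu.h` header linked in the thread.

```c
/* Added example: bounds-checked walk over a TLV header that precedes a PDU.
 * ASSUMED layout (not stated in the thread): 16-bit big-endian tag, 16-bit
 * big-endian length, value bytes; tag 0 with length 0 ends the header.
 * The tag numbers below are hypothetical placeholders. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { TAG_END = 0, TAG_PROTO_NAME = 1, TAG_IPV4_SRC = 2, TAG_SRC_PORT = 3 };
struct pdu_meta { char proto[32]; uint8_t ipv4_src[4]; uint32_t src_port; size_t pdu_off; };

/* Constructed sample: proto "sip", source 192.0.2.1, port 5060, PDU "INVITE". */
static const uint8_t sample[] = {
    0,1, 0,3, 's','i','p',   0,2, 0,4, 192,0,2,1,   0,3, 0,4, 0,0,0x13,0xC4,
    0,0, 0,0,                'I','N','V','I','T','E' };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 and fills *m on success; -1 on truncation or a bad value size. */
int parse_export_hdr(const uint8_t *buf, size_t len, struct pdu_meta *m)
{
    size_t off = 0;                          /* invariant: off <= len */
    memset(m, 0, sizeof *m);
    for (;;) {
        if (len - off < 4) return -1;        /* no room for tag + length */
        uint16_t tag = be16(buf + off), vlen = be16(buf + off + 2);
        off += 4;
        if (vlen > len - off) return -1;     /* value would run past the buffer */
        const uint8_t *v = buf + off;
        switch (tag) {
        case TAG_END:
            if (vlen != 0) return -1;
            m->pdu_off = off;                /* PDU starts right after the end tag */
            return 0;
        case TAG_PROTO_NAME:                 /* must fit with its terminating NUL */
            if (vlen == 0 || vlen >= sizeof m->proto) return -1;
            memcpy(m->proto, v, vlen); break;
        case TAG_IPV4_SRC:
            if (vlen != 4) return -1;
            memcpy(m->ipv4_src, v, 4); break;
        case TAG_SRC_PORT:
            if (vlen != 4) return -1;
            m->src_port = ((uint32_t)be16(v) << 16) | be16(v + 2); break;
        }                                    /* unknown tags are skipped by length */
        off += vlen;
    }
}

int main(void)
{
    struct pdu_meta m;
    if (parse_export_hdr(sample, sizeof sample, &m) != 0) return 1;
    printf("%s port %u, PDU at offset %zu\n", m.proto, (unsigned)m.src_port, m.pdu_off);
    return 0;
}
```

Both length comparisons are written as subtractions from `len` so that a hostile length value cannot wrap the offset.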