Re: Two DLT Requests For Bluetooth RF Captures

[Chris Kilgour <techie () whiterocker com>]

On 02/14/2014 04:46 PM, Guy Harris wrote:
> What is the "nanosecond offset to pcap timestamp"?  pcap-ng lets you specify the resolution of time stamps, and even 
> pcap lets you, at least with newer versions of libpcap and Wireshark, specify nanosecond resolution with a different 
> magic number.

The motivation was classic pcap.  I was up on pcap-ng, but did not realize the pcap format has an updated variant with 
higher-precision timestamps.  So I have removed the ns field from the pseudoheaders.

> Translating them into the style in the pages under http://www.tcpdump.org/linktypes would be helpful.  It avoids 
> worrying about C/C-derived-language data structure names - or anything *else* about C and languages derived from it - 
> and also makes it easier to add the link-layer header type to the Web site.

Okay, I will do this.  Are the linktype description pages developed with any tools or templates, or just written as 
HTML (with the website's CSS applied)?

I also have a question prompted by reviewing some sample pages like [1] and [2].

It seems some folks choose little-endian for multi-byte fields and others choose network/big-endian.  It there a 
preference here?  Is it acceptable to define these fields as having the same endianness as the pcap file header (or 
pcap-ng section header)?

[1] http://www.tcpdump.org/linktypes/LINKTYPE_NG40.html
[2] http://www.tcpdump.org/linktypes/LINKTYPE_NETANALYZER.html

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers