tcpdump mailing list archives
Re: Request for new LINKTYPE_* code LINKTYPE_AUERSWALD_LOG
From: developer--- via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Thu, 4 Feb 2021 11:41:48 +0000
--- Begin Message ---
From: "developer () auerswald de" <developer () auerswald de>
Date: Thu, 4 Feb 2021 11:41:48 +0000
Hi,

We currently use this code in our Lua dissector to display (decoded) SIP messages.

    -- offsets will change with the new LINKTYPE
    if (buf(148,2):uint() == MSG_TYPE_SIP) then
        sadd("src_ip",0,16)
        sadd("src_port",16,2,"uint")
        sadd("dst_ip", 18,16)
        sadd("dst_port",34,2,"uint")
        Dissector.get("sip"):call(buf(msg_start, msg_len):tvb(), pinfo, subtree)
        return
    end

We could theoretically use a different LINKTYPE_ that would just contain the same SIP information, however it would cause major changes for us, due to the way logging is realized in our systems. We had to adapt a legacy logging interface that does not allow us to put those packages into a different LINKLAYER_ without some major redesign, for which I do not see any time in the near future. The pcapng interface we provide only combines network traffic with that one logging stream.

Best regards
Frank Gorgas-Waller

________________________________
From: Anders Broman <anders.broman () ericsson com>
Sent: Thursday, 4 February 2021 10:32:51
To: Michael Richardson; developer () auerswald de
Cc: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] Request for new LINKTYPE_* code LINKTYPE_AUERSWALD_LOG

Hi,
You should perhaps take a look at the exported plus link type and wireshark sources. It may be doing similar things. New tags could be added.

Regards
Anders

________________________________
From: tcpdump-workers <tcpdump-workers-bounces () lists tcpdump org> on behalf of developer--- via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Sent: Thursday, February 4, 2021 10:25:07 AM
To: Michael Richardson <mcr () sandelman ca>
Cc: tcpdump-workers () lists tcpdump org <tcpdump-workers () lists tcpdump org>
Subject: Re: [tcpdump-workers] Request for new LINKTYPE_* code LINKTYPE_AUERSWALD_LOG
--- End Message ---
_______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers