Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Npcap 0.04 call for test

From: Guy Harris <guy () alum mit edu>
Date: Sat, 22 Aug 2015 20:07:33 -0700

On Aug 22, 2015, at 11:07 AM, Pascal Quantin <pascal.quantin () gmail com> wrote:


DLT_NULL does not work as expected because Npcap is still providing a linktype of type Ethernet instead of Null. I 
was able to fix the encapsulation of a captue by running editcap -T null dlt_null.pcapng dlt_null_fixed.pcapng.


OK, that's issue 1) in my "why it wouldn't work" list.

The driver and DLL need to provide NdisMediumNull as the medium type to the WinPcap library, so it maps it to DLT_NULL.


Another issue is that value 23 is not interpreted as IPv6 for Windows, but as Netware IPX/SPX. Should we "steal" the 
value of another system? For now the NULL dissector supports IPv6 codes for BSD (24), FreeBSD (28) and OS X (30). 
Guy, what do you think?


That's the issue I mentioned for IPv6; any of those three values should work.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: