Re: [tcpdump-workers] Re: 802.11 libpcap support

2002-05-23 Thread Michael Richardson


>>>>> "Guy" == Guy Harris [EMAIL PROTECTED] writes:
Guy> On Wed, May 22, 2002 at 09:46:33PM -0400, Michael Richardson wrote:
Guy> > I'm not sure that PPPoE matters because in most cases there is a PPPX
Guy> > device which one can use to capture just the PPP packets.

Guy> Does that also apply in the Ethernet-over-ATM and VLAN cases?  (Or is
Guy> that OS-dependent, with, say, some OSes having interfaces for VLANs as
Guy> well as an interface for the raw Ethernet, and others not doing so?)

  Yes, there is the OS-dependent issue - not everyone has VLANX interfaces.
  But, PPPoE is really more similar to GRE than 802.2 encapsulation.

Guy> (Yes, tunneling can be fun.  I'll have to dig up the frame relay capture
Guy> somebody sent me - it had something like IP inside Frame Relay inside
Guy> GRE inside IP inside Ethernet.)

  I'll see that and raise you HTTP/TCP/IP/PPP/L2TP/UDP/MPLS/MPLS/GigE-802.3.

]   ON HUMILITY: to err is human. To moo, bovine.   |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[
] panic(Just another NetBSD/notebook using, kernel hacking, security guy);  [
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe



Re: [tcpdump-workers] Re: 802.11 libpcap support

2002-05-22 Thread Guy Harris

On Wed, May 22, 2002 at 03:30:11PM -0400, Michael Richardson wrote:
>   1) GigE, which has to do 802.3 and not EthernetII if you want jumbo frames.

I.e., if you're doing jumbo frames, it sends 802.3 frames with a length
field greater than 1500, so that the usual "if it's > 1500, it's an
Ethertype, and if it's <= 1500, it's a length field" check has to be
turned off for jumbo frame GigE?

If so, the answer there might be to add a DLT_IEEE802_3 type, which is
returned by Ethernet devices running in a mode where there are 802.3
packets with a length field > 1500, and have tcpdump, Ethereal, etc.
always dissect those frames as 802.3 frames, rather than doing the
type/length field check.

>   2) CiscoHDLC type stuff.

Which Cisco HDLC stuff?  There's a DLT_ type for Cisco HDLC -
DLT_C_HDLC; interfaces that can run, for example, PPP or CHDLC should
return DLT_PPP if they're running PPP and DLT_C_HDLC if they're running
Cisco HDLC.  (If they're running both on the *same* line, you'd have to
return DLT_PPP and have the program look at the header to determine
whether it's:

PPP-with-HDLC-framing, starting with 0xff 0x03;

Cisco HDLC, starting with 0x0f or 0x8f;

PPP-without-HDLC-framing, starting with anything else.

>   3) Ethernet over ATM types.

Is that the bridged Ethernet over ATM stuff?
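
Added example, not part of the original thread and not tcpdump or libpcap code: the two header checks Guy describes in the message above (the leading-byte test on a DLT_PPP line, and the Ethernet type/length test with the proposed always-802.3 mode), each bounded by the captured length. The enum names, function names, the force_802_3 flag and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum ppp_framing { PPP_TRUNCATED, PPP_HDLC_FRAMED, CISCO_HDLC, PPP_UNFRAMED };
enum eth_field   { ETH_TRUNCATED, ETH_IS_TYPE, ETH_IS_LENGTH };

/* Classify a frame from a DLT_PPP line that carries both PPP and Cisco HDLC,
 * using the leading-byte rules given in the message. */
enum ppp_framing classify_dlt_ppp(const uint8_t *p, size_t caplen)
{
    if (p == NULL || caplen < 1)
        return PPP_TRUNCATED;
    if (p[0] == 0x0f || p[0] == 0x8f)
        return CISCO_HDLC;
    if (p[0] == 0xff) {
        if (caplen < 2)
            return PPP_TRUNCATED;      /* cannot see the control byte */
        if (p[1] == 0x03)
            return PPP_HDLC_FRAMED;
    }
    return PPP_UNFRAMED;               /* "anything else" */
}

/* Interpret bytes 12-13 of an Ethernet header. force_802_3 models the proposed
 * DLT_IEEE802_3 behaviour: skip the heuristic and always treat it as a length.
 * The 1500 cut-off is the one stated in the message; IEEE 802.3 itself assigns
 * EtherTypes from 1536 (0x0600) upward. */
enum eth_field classify_eth_field(const uint8_t *p, size_t caplen, int force_802_3)
{
    if (p == NULL || caplen < 14)
        return ETH_TRUNCATED;          /* never read past the captured bytes */
    uint16_t v = (uint16_t)((p[12] << 8) | p[13]);
    if (force_802_3)
        return ETH_IS_LENGTH;
    return v > 1500 ? ETH_IS_TYPE : ETH_IS_LENGTH;
}

/* Constructed sample headers (not taken from any capture). */
const uint8_t sample_ppp_hdlc[]    = { 0xff, 0x03, 0x00, 0x21 };
const uint8_t sample_chdlc[]       = { 0x0f, 0x00, 0x08, 0x00 };
const uint8_t sample_ppp_bare[]    = { 0x00, 0x21, 0x45, 0x00 };
const uint8_t sample_eth_ip[14]    = { [12] = 0x08, [13] = 0x00 };  /* 0x0800 */
const uint8_t sample_eth_jumbo[14] = { [12] = 0x23, [13] = 0x28 };  /* 9000 */

int main(void)
{
    return classify_eth_field(sample_eth_jumbo, 14, 1) == ETH_IS_LENGTH ? 0 : 1;
}
```

With the heuristic left on, the constructed 9000-byte jumbo header is read as an Ethertype, which is the misclassification the proposed DLT type is meant to avoid.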



Re: [tcpdump-workers] Re: 802.11 libpcap support

2002-05-22 Thread Guy Harris

On Wed, May 22, 2002 at 09:46:33PM -0400, Michael Richardson wrote:
>   I'm not sure that PPPoE matters because in most cases there is a PPPX
> device which one can use to capture just the PPP packets.

Does that also apply in the Ethernet-over-ATM and VLAN cases?  (Or is
that OS-dependent, with, say, some OSes having interfaces for VLANs as
well as an interface for the raw Ethernet, and others not doing so?)

(Yes, tunneling can be fun.  I'll have to dig up the frame relay capture
somebody sent me - it had something like IP inside Frame Relay inside
GRE inside IP inside Ethernet.)