Hi Guy and Michael
After piecing everything together, I think I will focus my efforts on
using the regular PCAP file
and fix and update the current draft for DLT_ELEE. SCTP part for ELEE
protocol is missing so I
will also add that ASAP. I would like the new LI system to be based on
new
What works great for me now is the custom DLT and regular PCAP in
Wireshark. The dissector I wrote
allows me to do a search based on that "metadata" and then use Wireshark
to for example play RTP CC data
for SIP calls. I am not sure if pcapng is fully supported if I decide to
implement all that
On May 18, 2019, at 5:03 PM, Damir Franusic wrote:
> And does Wireshark currently support new block types and custom options in
> EPBs. I would need to access them in dissector plugin, that's what I'm
> worried about.
There are three types of blocks:
1) standard blocks - you must
And does Wireshark currently support new block types and custom options in
EPBs. I would need to access them in dissector plugin, that's what I'm worried
about.
--
Damir Franusic
http://socket.hr
http://github.com/dfranusic
On May 19, 2019 2:00:19 AM GMT+02:00, Guy Harris wrote:
>On May 18,
On May 18, 2019, at 4:26 PM, Damir Franusic wrote:
> I chose pcap since it's older and there's a better chance for support and I
> have previously encountered one agency that actually demanded it.
That might be a sufficient reason for pcapng not to be the answer - if there
are law enforcement
On May 18, 2019, at 3:05 PM, Damir Franusic wrote:
> I know it's extensible but ELEE is used for different purpose
LINKTYPE_ELEE is used for the *same* purpose as pcapng - recording timestamped
network events, and metadata for those events and for the capture process, in a
file.
"Target
Hi
LEAs SHOULD accept only ASN.1 BER encoded but that is not the case. I
encountered a case where they wanted us
to convert that ASN.1 back to pcap. And the problem was that IRI is not
packet data and that's why I would like a new DLT so I could either have
a pcap file with all ELEE data or
No I get now what you're saying. You think that I should rewrite the
draft to explain custom options in
Enhanced Packet Block, rather than using a new DLT ?
On May 12, 2019, at 1:28 PM, Damir Franusic wrote:
> I've tried to be as prompt and as accurate as possible so here is the draft,
> I hope you'll appreciate the effort. I agree
> that the initial thing I sent was an abomination. I will work on this draft
> as the project progresses, but for
On May 18, 2019, at 3:54 PM, Michael Richardson wrote:
> Guy Harris wrote:
>> If we *do* use pcapng, that would mean that:
>
>> 1) Wireshark wouldn't be able to read the lawful intercept information
>> in the files until support for new block types and options are added to
>> it;
>
> Is
Hi
Df_type is a part of CC configuration set by LEA for that target and I
made a little mistake not explaining it properly.
This encoding is only relevant for IRI data in which case, Data can be
either 0x03 ELEE format for IRI which is explained in
3.3.2.1.2.1.2.1.
On May 11, 2019, at 3:42 PM, Michael Richardson wrote:
> Also, it might be that pcapng would actually be a really good container for
> your work rather than inventing yet-another-TLV.
Are there any law enforcement agencies that *will* accept a pcap file but
*won't* accept a pcapng file? *If*
Hi
I know it's extensible but ELEE is used for different purpose but I get what you're
trying to say.
--
Damir Franusic
http://socket.hr
http://github.com/dfranusic
On May 18, 2019 11:18:00 PM GMT+02:00, Michael Richardson
wrote:
>Damir Franusic wrote:
>> Hi
>
>> I have read the specs for
Hi
The final link is this one:
http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=http://socket.hr/draft-dfranusic-opsawg-elee-00.xml=html/ascii
..so draft-dfranusic-opsawg-elee-00.xml
Guy has already assigned new DLT and used this link. It seemed more appropriate
to target a specific
Damir Franusic wrote:
> for Lawful Interception Data which can also use SCTP for transport, should I
> use the following naming scheme instead: draft-dfranusic-tsvwg-00
No, that would make your draft visible to the Transport WG datatracker, and
unless it is your intention
Damir Franusic wrote:
> Hi
> I have read the specs for pcapng but then again I would have to use The
> Simple Packet Block (SPB) or
> An Enhanced Packet Block (EPB) and that would not solve my problem because of
> this:
pcapng is explicitly designed to be easily
Cheers Guy and thank You for all Your assistance.
--
Damir Franusic
http://socket.hr
http://github.com/dfranusic
On May 17, 2019 11:05:48 PM GMT+02:00, Guy Harris wrote:
>On May 17, 2019, at 1:50 PM, Damir Franusic
>wrote:
>
>> Can we conclude this and make a new LINKTYPE_ entry linked to
On May 17, 2019, at 1:50 PM, Damir Franusic wrote:
> Can we conclude this and make a new LINKTYPE_ entry linked to this draft?
OK, I've added LINKTYPE_ELEE/DLT_ELEE, with a value of 286.
___
tcpdump-workers mailing list
Well since it's a draft and I am only targeting the group I think this will be
ok:
http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=http://socket.hr/draft-dfranusic-opsawg-elee-00.xml=html/ascii
Can we conclude this and make a new LINKTYPE_ entry linked to this draft?
--
Damir Franusic
On May 17, 2019, at 1:35 PM, Damir Franusic wrote:
> Hmm I wouldn't want to ask for a new group but from all those groups,
> opsawg seems somehow appropriate, or maybe not?
Well, there is at least one lawful intercept related I-D from that group:
Hmm I wouldn't want to ask for a new group but from all those groups,
opsawg seems somehow appropriate, or maybe not?
--
Damir Franusic
http://socket.hr
http://github.com/dfranusic
On May 17, 2019 10:26:42 PM GMT+02:00, Guy Harris wrote:
>On May 17, 2019, at 11:34 AM, Damir Franusic
On May 17, 2019, at 11:34 AM, Damir Franusic wrote:
> I apologize for my previous mail, issues with email client. What I wanted to
> ask is whether I should name the draft like this:
>
> draft-dfranusic-tsvwg-elee-00
See
https://www.ietf.org/standards/ids/guidelines/#7
If you're
On May 12, 2019, at 2:33 PM, Damir Franusic wrote:
> You know a lot more about this RFC process than I do.
A small amount, maybe, but definitely not a lot.
What I know I found out by doing a Web search for
internet-draft process
and reading pages on IETF Web sites.
See, for example:
I apologize for my previous mail, issues with email client. What I wanted to
ask is whether I should name the draft like this:
draft-dfranusic-tsvwg-elee-00
Thanks,
--
Damir Franusic
http://socket.hr
http://github.com/dfranusic
On May 17, 2019 8:29:34 PM GMT+02:00, Damir Franusic
wrote:
Hi Guy
I have a question regarding the target working group. Since this is a
Link Layer transport protocol
for Lawful Interception Data which can also use SCTP for transport,
should I use the following naming
scheme instead: draft-dfranusic-tsvwg-00
What do you suggest?
On
Hi Guy
I just made a little TOC change in the draft but that's all. Version 00 is
there and you can link it and it with a new LINKTYPE_ELEE.
http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=http://socket.hr/draft-dfranusic-elee-00.xml=html/ascii
On May 12, 2019 11:00:16 PM GMT+02:00, Guy
Hi
I used I-D since it's still work in progress. And yes, I also looked at pcapng
and assumed I couldn't go wrong with following those guidelines. I've never
written an RFC or I-D so using pcapng draft seemed like a good starting point.
I plan to document the SCTP part also and when it's all
On May 12, 2019, at 1:48 PM, Damir Franusic wrote:
> That would be great thanks. That's all I ever wanted really, but now I
> understand the relevance of having a proper I-D.
It will also be useful for documenting the protocol when run over SCTP.
Are you planning on running the protocol
That would be great thanks. That's all I ever wanted really, but now I
understand the relevance of having a proper I-D. And yes, you are correct
regarding the Header/PDU; quite simple.
On May 12, 2019 10:38:21 PM GMT+02:00, Guy Harris wrote:
>On May 12, 2019, at 1:28 PM, Damir Franusic
On May 12, 2019, at 1:28 PM, Damir Franusic wrote:
> I've tried to be as prompt and as accurate as possible so here is the draft,
> I hope you'll appreciate the effort. I agree
> that the initial thing I sent was an abomination. I will work on this draft
> as the project progresses, but for
Hi Guy
I've tried to be as prompt and as accurate as possible so here is the
draft, I hope you'll appreciate the effort. I agree
that the initial thing I sent was an abomination. I will work on this
draft as the project progresses, but for now, it covers
everything implemented so far.
Hi again
I think maybe this will explain things a bit better. LI systems correlate
everything using LI_ID and for them this serves a purpose of being
their equivalent of a Link Layer Type. From what I sent earlier, the
tshark CC
example output, you can see that one of ELEE protocol's fields is
Hi
I have read the specs for pcapng but then again I would have to use
The Simple Packet Block (SPB) or
An Enhanced Packet Block (EPB) and that would not solve my problem
because of this:
Packet Data: the data coming from the network, including link-layer
headers. ..The format of
Hi Michael
You know, I also share your disdain for ASN.1 format but in the mobile
networks
for example, it is used to define most protocols (TCAP, GSM MAP, etc.)
and I don't
see that changing any time soon.
I think you may have misunderstood me. I only mentioned SCTP in context
of
No problem, I will do my best to describe the current version, you'll get it
tomorrow.
Thank You for being so prompt
On May 12, 2019 12:02:42 AM GMT+02:00, Guy Harris wrote:
>On May 11, 2019, at 2:51 PM, Damir Franusic
>wrote:
>
>> PDU types are extendable and there might be more of them in
PDU types are extendable and there might be more of them in the future. I
wanted to make it like this so adding new types would not present a big issue.
I can define the two PDU types used at present moment but maybe it would be
more practical to leave PDU payload part as generic octet stream
On May 11, 2019, at 7:26 AM, Damir Franusic wrote:
> *Example tshark output for IRI:*
...
> ELEE Protocol
>Protocol version: 1
>PDU type: Target PDU (1)
>Source node: elee.ppd.node_1
>Destination node: .
>Target PDU
>Lawful interception identifier:
On May 11, 2019, at 1:39 PM, Damir Franusic wrote:
> Like I said, I don't have the complete documentation ready,
When you have the complete documentation ready, let us know.
> but this is the general format:
>
> +-+
> | Version |
> |
On May 11, 2019, at 2:51 PM, Damir Franusic wrote:
> PDU types are extendable and there might be more of them in the future. I
> wanted to make it like this so adding new types would not present a big
> issue. I can define the two PDU types used at present moment but maybe it
> would be more
Hi
Like I said, I don't have the complete documentation ready, but
this is the general format:
+-+
| Version |
| (1 Octet) |
| |
+-+
| PDU Type
Hi
My name is Damir and I am a founder of a Croatian based company called
*Socket d.o.o.*
We are currently working on an *ETSI compliant Lawful
Interception* solution; it is a
work in progress but we already have a couple of clients in need of this
solution.
The problem with *LI* is that
41 matches