Guy Harris > On Mon, Feb 16, 2004 at 12:48:08PM +0100, [EMAIL PROTECTED] wrote: > > I'm trying to analize BGP session over ATM but I get "network type 13 > > unknown". > > On what OS did you run tcpdump? > > A network capture type of 13 means different things on different OSes. > > In FreeBSD and NetBSD, it means DLT_SLIP_BSDOS, which is a libpcap > encapsulation of SLIP that's used in BSD/OS - but FreeBSD and NetBSD > don't use that encapsulation and don't generate captures of that sort, > and DLT_SLIP_BSDOS is 15, not 13, in BSD/OS. > > In BSD/OS, 13 is DLT_ATM_RFC1483, for traffic encapsulated over ATM AAL5 > as per RFC 1483. > > In OpenBSD, it's DLT_ENC, which I think is some sort of encapsulation > used for decrypted IPsec traffic. >
diaz_d1 enclosed a sample capture with his mail. I think it looked like LLC header AA-AA-03 (i.e. SNAP header), but with four bytes before the LLC header. I guess that it is DLT_ATM_RFC1483 but with four extra bytes first. _______________________________________________ Ethereal-users mailing list [EMAIL PROTECTED] http://www.ethereal.com/mailman/listinfo/ethereal-users
