On Nov 15, 2023, at 1:33 AM, Michael Richardson <[email protected]> wrote:
> Hi, the three PCAP I-Ds have been stable for sometime now.
...
> draft-ietf-opsawg-pcaplinktype - Standards Track to create Registry
Presumably the registry will contain more information than is in that I-D, or
links to more information, as what's in the I-D is insufficient to describe the
formats of packets for many LINKTYPE_ values.
For example, LINKTYPE_LINUX_SLL just says "Linux "cooked" capture
encapsulation", but does not indicate what that is; the entry for it on the
tcpdump.org link-layer header types page at
https://www.tcpdump.org/linktypes.html
has a link to a description of the format.
For another example, LINKTYPE_NULL just says "BSD loopback encapsulation", but
does not indicate what that is; the entry for it on the tcpdump.org link-layer
header types page says
BSD loopback encapsulation; the link layer header is a 4-byte field, in
host byte order, containing a value of 2 for IPv4 packets, a value of either
24, 28, or 30 for IPv6 packets, a value of 7 for OSI packets, or a value of 23
for IPX packets. All of the IPv6 values correspond to IPv6 packets; code
reading files should check for all of them.
Note that ``host byte order'' is the byte order of the machine on that
the packets are captured; if a live capture is being done, ``host byte order''
is the byte order of the machine capturing the packets, but if a ``savefile''
is being read, the byte order is not necessarily that of the machine reading
the capture file.
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
