On Apr 13, 2010, at 3:30 PM, Guy Harris wrote:
I think heuristics are what you use when you can't use anything else; if
they're too strong, they will fail to identify things that they should (and
people will complain about it), and if they're too weak, they will identify
things that they
On Apr 15, 2010, at 9:59 AM, Edgar, Thomas wrote:
After looking at how the pcap_set_datalink process works I think I have
decided to keep my timing method as the default COM interface datalink type.
But I will create it with the capability of setting the datalink type so that
you can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thomas == Thomas Edgar Edgar writes:
Thomas With the timing method I am using I was going for a method
Thomas to capture anything from a COM port and then allow the
Thomas parsing mechanism (like the heuristic dissectors in
Thomas
On Apr 12, 2010, at 4:26 PM, Guy Harris wrote:
I am posting to request a value for DLT_SERIAL and LINKTYPE_SERIAL for use
with libpcap. I am working on a project to update libpcap and Wireshark
to capture and parse RS232 and RS485 traffic (written such that it could
handle a wide range
On Tue, Apr 13, 2010 at 11:53 AM, Edgar, Thomas thomas.ed...@pnl.govwrote:
On Apr 12, 2010, at 4:26 PM, Guy Harris wrote:
I am posting to request a value for DLT_SERIAL and LINKTYPE_SERIAL for
use with libpcap. I am working on a project to update libpcap and
Wireshark to capture and parse
On Apr 13, 2010, at 8:53 AM, Edgar, Thomas wrote:
We are targeting framed protocols over serial, such as the serial versions of
DNP3 and Modbus,
Then perhaps the right thing to do is to have *multiple* DLT_/LINKTYPE_ values,
one for each protocol, and use the particular protocol's framing
On Apr 13, 2010, at 12:02 PM, Guy Harris wrote:
Then perhaps the right thing to do is to have *multiple* DLT_/LINKTYPE_
values, one for each protocol, and use the particular protocol's framing
mechanism when capturing a particular protocol. libpcap has an API to select
link-layer type
On Apr 13, 2010, at 2:34 PM, Edgar, Thomas wrote:
I am open to the possibility of going forward with that approach. Just to
clarify, does this work by the user preselecting the framing mechanism before
the capture is started?
Yes.
For instance, I would have to know that DNP3 is being
I am posting to request a value for DLT_SERIAL and LINKTYPE_SERIAL for use with
libpcap. I am working on a project to update libpcap and Wireshark to capture
and parse RS232 and RS485 traffic (written such that it could handle a wide
range of serial protocols but targeted toward a specific
On Apr 12, 2010, at 3:18 PM, Edgar, Thomas wrote:
I am posting to request a value for DLT_SERIAL and LINKTYPE_SERIAL for use
with libpcap. I am working on a project to update libpcap and Wireshark to
capture and parse RS232 and RS485 traffic (written such that it could handle
a wide
10 matches
Mail list logo
