[Wireshark-dev] Wireshark 3.2.1 is now available

2020-01-15 Thread Gerald Combs
I'm proud to announce the release of Wireshark 3.2.1. What is Wireshark? Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. What’s New • The Windows installers now ship with Npcap 0.9986. They previous

Re: [Wireshark-dev] Bypassing the first layer

2020-01-15 Thread Anders Broman via Wireshark-dev
Hi, Did not find it online, but some basics: Put the following lines into a file 00 0c 00 0c 67 73 6d 5f 61 5f 64 74 61 70 00 00 . gsm_a_dtap 67 73 6d 5f 61 5f 64 74 61 70 0010 00 1e 00 04 00 00 00 01 00 00 00 00 08 15 03 And run text2pcap.exe -l 252 Manufacture_frames_exp_pdu

Re: [Wireshark-dev] Bypassing the first layer

2020-01-15 Thread Juanjo Martin Carrascosa
This helps me too. There are some slides about export pdu. But yes, any material is welcome. Thanks for the help team. This is fantastic. On Wed, Jan 15, 2020 at 2:47 PM Dario Lombardo wrote: > I don't think this is what Anders was talking about. This is about extcap, > while I was referring to

Re: [Wireshark-dev] Bypassing the first layer

2020-01-15 Thread Dario Lombardo
I don't think this is what Anders was talking about. This is about extcap, while I was referring to export_pdu. If you or Anders can reference the right one, that would be great. If you want to have a look at something using export_pdu creating a pcap file, have a loot at the udpdump.c code. On We

Re: [Wireshark-dev] Bypassing the first layer

2020-01-15 Thread Juanjo Martin Carrascosa
https://sharkfestus.wireshark.org/assets/presentations18/17.pptx On Wed, Jan 15, 2020 at 2:36 PM Dario Lombardo wrote: > Can you share the link, for future reference? > > On Wed, Jan 15, 2020 at 2:15 PM Juanjo Martin Carrascosa > wrote: > >> Found the presentation, this is fantastic. >> >> Than

Re: [Wireshark-dev] Bypassing the first layer

2020-01-15 Thread Dario Lombardo
Can you share the link, for future reference? On Wed, Jan 15, 2020 at 2:15 PM Juanjo Martin Carrascosa wrote: > Found the presentation, this is fantastic. > > Thanks! > > On Wed, Jan 15, 2020 at 12:58 PM Anders Broman via Wireshark-dev < > wireshark-dev@wireshark.org> wrote: > >> Hi, >> >> In th

Re: [Wireshark-dev] Bypassing the first layer

2020-01-15 Thread Juanjo Martin Carrascosa
Found the presentation, this is fantastic. Thanks! On Wed, Jan 15, 2020 at 12:58 PM Anders Broman via Wireshark-dev < wireshark-dev@wireshark.org> wrote: > Hi, > > In the frame layer there is the “Encapsulation type” the way the pcap > format works this indicates how the data following should be

Re: [Wireshark-dev] Bypassing the first layer

2020-01-15 Thread Anders Broman via Wireshark-dev
Hi, In the frame layer there is the “Encapsulation type” the way the pcap format works this indicates how the data following should be interpreted. Linktype/encapsulation type is defined at https://www.tcpdump.org/linktypes.html so one thing you could

Re: [Wireshark-dev] Bypassing the first layer

2020-01-15 Thread Juanjo Martin Carrascosa
Hi Dario, Could you elaborate on this? I get the idea but my knowledge about the how is very basic. How can this help me achieve what I need? Thanks for the help. Juanjo Martin On Tue, Jan 14, 2020 at 4:48 PM Dario Lombardo wrote: > You can use export_pdu. This is a layer with multiple attrib