From: Pascal Quantin [mailto:pascal.quan...@gmail.com] 
Sent: 19 May 2013 10:25
To: Michael Richardson
Cc: Anders Broman; tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] Request for new DLT

Hi Michael,

2013/5/18 Michael Richardson <m...@sandelman.ca>

>>>>> "Pascal" == Pascal Quantin <pascal.quan...@gmail.com> writes:
    Pascal> Anders Broman, Wireshark core developer, is currently designing an export
    Pascal> functionality for PDUs and would need a DLT allocated for this new
    Pascal> functionality.
    Pascal> You will find below the email he tried to send to this mailing list a few
    Pascal> days ago and that got bounced. I hope mine will go through
    Pascal> :)

sorry.

    Anders> I would need a DLT for a wrapper around higher level PDUs or per-packet
    Anders> DLTs. The format is multipurpose and consists of a number of TLVs
    Anders> preceding the actual PDU.
    Anders> There are TLVs which describe which protocol the PDU is and metadata
    Anders> such as IP address and port (if the transport protocol(s) are
    Anders> stripped off).

    Anders> The format can be used by logging functions in various nodes, say after
    Anders> deserialization (SS7 over TDM), decryption (GSM/UMTS/LTE nodes?) etc.
    Anders> Tag values and an outline of the format can be found here:
    Anders> http://anonsvn.wireshark.org/viewvc/trunk/epan/exported_pdu.h?revision=49285&view=markup

Looks like a rather sane TLV structure.
Is it intended to be used beyond SS7 stuff?

    Pascal> Anders can describe it better than me, but the format intends to be
    Pascal> versatile. It allows you to export any higher level PDUs in a pcap file while
    Pascal> maintaining some basic information about the lower layers
    Pascal> (like the transport one). The current code sample in Wireshark is
    Pascal> for the SIP protocol, but could be extended to any protocol if there is a need.
    Pascal> With a DLT allocated, it would allow the feature to work out of
    Pascal> the box without any user configuration required (right now the
    Pascal> implementation is mapped on a user DLT, so you must configure Wireshark
    Pascal> accordingly).
    Pascal> For example I would see a use for it for the logging capabilities
    Pascal> of a mobile phone that uses higher layer protocols decoded by Wireshark without
    Pascal> the traditional network oriented transport layers. Right now
    Pascal> I need to play tricks with user DLT and it prevents mixing protocols.

Yes, the intention is to have a versatile format that can fulfill many needs.
One more use case could be to save decrypted application signaling. The
intention is to publish the TLV list and description a bit more prominently
(Wireshark's wiki?) once the format stabilizes and the most useful TLVs have
been defined.

Regards
Anders

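An added example, not code from the thread or from Wireshark: a small Python builder and parser for the TLV wrapper Anders describes (protocol name plus the stripped-off IP addresses and ports, ahead of the PDU). The tag numbers and the 2-byte tag / 2-byte length big-endian encoding are assumptions taken from the current exported_pdu.h rather than the 2013 revision linked above, and the parser bounds-checks every length so a malformed export file is rejected rather than misparsed.

```python
import socket
import struct
# Assumed from current exported_pdu.h (the 2013 revision may differ): 2-byte tag,
# 2-byte length, big-endian values, option list terminated by tag 0.
EXP_PDU_TAG_END_OF_OPT = 0
EXP_PDU_TAG_PROTO_NAME = 12
EXP_PDU_TAG_IPV4_SRC = 20
EXP_PDU_TAG_IPV4_DST = 21
EXP_PDU_TAG_SRC_PORT = 25
EXP_PDU_TAG_DST_PORT = 26
FIXED4 = {  # tags whose value must be exactly 4 bytes: (metadata key, decoder)
    EXP_PDU_TAG_IPV4_SRC: ("src_ip", socket.inet_ntoa),
    EXP_PDU_TAG_IPV4_DST: ("dst_ip", socket.inet_ntoa),
    EXP_PDU_TAG_SRC_PORT: ("src_port", lambda v: struct.unpack("!I", v)[0]),
    EXP_PDU_TAG_DST_PORT: ("dst_port", lambda v: struct.unpack("!I", v)[0]),
}

def build_exported_pdu(proto, src_ip, dst_ip, src_port, dst_port, pdu):
    # Prefix a higher-layer PDU with the metadata TLVs the thread describes.
    tlvs = [
        (EXP_PDU_TAG_PROTO_NAME, proto.encode("ascii")),
        (EXP_PDU_TAG_IPV4_SRC, socket.inet_aton(src_ip)),
        (EXP_PDU_TAG_IPV4_DST, socket.inet_aton(dst_ip)),
        (EXP_PDU_TAG_SRC_PORT, struct.pack("!I", src_port)),
        (EXP_PDU_TAG_DST_PORT, struct.pack("!I", dst_port)),
        (EXP_PDU_TAG_END_OF_OPT, b""),
    ]
    return b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tlvs) + pdu

def parse_exported_pdu(frame):
    """Walk the TLVs and return (metadata dict, payload); lengths are checked
    before use so a truncated or malformed frame raises instead of misparsing."""
    meta, off = {}, 0
    while True:
        if off + 4 > len(frame):
            raise ValueError("truncated TLV header at offset %d" % off)
        tag, length = struct.unpack_from("!HH", frame, off)
        value, off = frame[off + 4:off + 4 + length], off + 4 + length
        if off > len(frame):
            raise ValueError("TLV %d length %d exceeds frame" % (tag, length))
        if tag == EXP_PDU_TAG_END_OF_OPT:
            break  # options end here; the rest of the frame is the PDU itself
        if tag == EXP_PDU_TAG_PROTO_NAME:
            meta["proto"] = value.rstrip(b"\0").decode("ascii")
        elif tag in FIXED4:
            if length != 4:
                raise ValueError("tag %d needs a 4-byte value, got %d" % (tag, length))
            key, decode = FIXED4[tag]
            meta[key] = decode(value)
        else:
            meta.setdefault("unknown_tags", []).append(tag)  # format is extensible
    return meta, frame[off:]
```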
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers