-----Original Message-----
From: m...@sandelman.ca [mailto:m...@sandelman.ca]
Sent: 19 June 2013 14:50
To: Anders Broman
Cc: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] Request for new DLT

Anders Broman <anders.bro...@ericsson.com> wrote:
    Anders> Hi, Any chance of getting forward on this? I'm not sure what I
    Anders> should change/make clearer to get this request accepted. We now
    Anders> have another use case in Wireshark: - Exporting decrypted packets
    Anders> from SSL sessions by "cutting" them off after the SSL layer and
    Anders> saving the file with the new DLT value the TLV:s and then the
    Anders> PDU:s Following after the SSL layer. Regards Anders Broman

After the pcap is created, how will another tool know what's in these payloads?
That's our fundamental question.
Can anyone other than the original person who saved these files have a clue
what dissector to apply?

Forgive me if I'm just not seeing where this information is going to be.
If not, then one of the PCAP private values makes sense.

Currently there are two tags defined to indicate which protocol the packet block starts with:

#define EXP_PDU_TAG_LINKTYPE 11   /**< The value part is the linktype value defined by tcpdump
                                   * http://www.tcpdump.org/linktypes.html
                                   */
#define EXP_PDU_TAG_PROTO_NAME 12 /**< The value part should be an ASCII non NULL terminated string
                                   * of the short protocol name used by Wireshark e.g "sip"
                                   * Will be used to call the next dissector.
                                   */

The Wireshark implementation currently only uses EXP_PDU_TAG_PROTO_NAME.
Is this good enough?

Regards
Anders Broman

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
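
Added example, not part of the original thread and not Wireshark's or libpcap's code: a bounds-checked walk over the TLVs that precede the PDU, showing how a second tool could recover the dissector hint from a file it did not write. Assumptions not stated in the mail: each TLV has a 2-byte big-endian tag and a 2-byte big-endian length, a tag of 0 ends the list, values are unpadded, and the linktype value is 4 bytes big-endian; `exp_pdu_parse`, `struct exp_pdu_info` and `sample_record` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EXP_PDU_TAG_END        0   /* assumed terminator tag, not from the mail */
#define EXP_PDU_TAG_LINKTYPE   11  /* from the mail */
#define EXP_PDU_TAG_PROTO_NAME 12  /* from the mail */

struct exp_pdu_info {
    int      has_linktype;
    uint32_t linktype;        /* assumed 4-byte big-endian value */
    char     proto_name[32];  /* NUL-terminated copy, "" if tag absent */
    size_t   pdu_offset;      /* first byte of the PDU after the TLVs */
};

/* Constructed sample: PROTO_NAME="sip", end tag, then the start of a PDU. */
const uint8_t sample_record[] = {
    0x00, 0x0c, 0x00, 0x03, 's', 'i', 'p',
    0x00, 0x00, 0x00, 0x00, 'I', 'N', 'V', 'I', 'T', 'E' };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk the TLVs of an untrusted record. Returns 0 on success, -1 if malformed. */
int exp_pdu_parse(const uint8_t *buf, size_t len, struct exp_pdu_info *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);
    while (len - off >= 4) {
        uint16_t tag = rd16(buf + off), vlen = rd16(buf + off + 2);
        const uint8_t *v = buf + off + 4;
        off += 4;
        if (vlen > len - off) return -1;          /* value runs past the record */
        if (tag == EXP_PDU_TAG_END) { out->pdu_offset = off + vlen; return 0; }
        if (tag == EXP_PDU_TAG_LINKTYPE) {
            if (vlen != 4) return -1;
            out->linktype = ((uint32_t)rd16(v) << 16) | rd16(v + 2);
            out->has_linktype = 1;
        } else if (tag == EXP_PDU_TAG_PROTO_NAME) {
            /* Not NUL-terminated on the wire: bound it and allow only printable ASCII. */
            if (vlen == 0 || vlen >= sizeof out->proto_name) return -1;
            for (size_t i = 0; i < vlen; i++)
                if (v[i] < 0x21 || v[i] > 0x7e) return -1;
            memcpy(out->proto_name, v, vlen);
            out->proto_name[vlen] = '\0';
        }                                          /* unknown tags are skipped */
        off += vlen;
    }
    return -1;                                     /* no end tag before data ran out */
}
```

A reader that gets -1, or a name it has no dissector for, should fall back to showing the payload as raw data rather than guessing.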