Hi
Like I said, I don't have the complete documentation ready, but
this is the general format:
+---------------------------------+
|             Version             |
|            (1 Octet)            |
|                                 |
+---------------------------------+
|            PDU Type             |
|            (1 Octet)            |
|                                 |
+---------------------------------+
|        Source ELEE Node         |
|  NULL terminated ASCII string   |
|      (1 Octet min for \0)       |
|                                 |
+---------------------------------+
|      Destination ELEE Node      |
|  NULL terminated ASCII string   |
|      (1 Octet min for \0)       |
|                                 |
+---------------------------------+
|        ELEE PDU Payload         |
.       (Remaining octets)        .
.                                 .
.                                 .

PDU Payload part is the rest of the packet data
and will be interpreted based on PDU Type.

On 5/11/19 10:09 PM, Guy Harris wrote:
> On May 11, 2019, at 7:26 AM, Damir Franusic <damir.franu...@gmail.com> wrote:
>
>> *Example tshark output for IRI:*
>> ...
>> ELEE Protocol
>> Protocol version: 1
>> PDU type: Target PDU (1)
>> Source node: elee.ppd.node_1
>> Destination node: .
>> Target PDU
>> Lawful interception identifier: dhcp_li_id
>> Target PDU data type: Intercept Related Information (IRI) (1)
>> Sequence number: 0
>> Timestamp: May 10, 2019 18:21:59.723619839 UTC
>> IRI configuration
>> Active: True
>> Delivery format: ELEE (3)
>> Handover connection:
>> Handover directory:
>> Aggregation factor: 2
>> Delivery timeout: 0
>> Communication identifier
>> Operator identifier:
>> Network element identifier:
>> Communication identifier number (CIN): 0
>> Data part size: 95
>> IP IRI
>> IRI type: IRI-REPORT (4)
>> Access event type: accessAttempt (0)
>> Target username: 001cbf0dbfd7
>> Internet access type: Unknown (0)
>> IP version: IPv4 protocol (1)
>> Target IPv4: 0.0.0.0
>> Target network id: 00:1c:bf:0d:bf:d7
>> POP port number: 0
>> Target call-back number: <MISSING>
>> POP IP address: 00000000
>> Authentication type: AAA provided by DHCP (3)
>> ...
>> *Example tshark output for CC:*
>> ...
>> *ELEE Protocol*
>> Protocol version: 1
>> PDU type: Target PDU (1)
>> Source node: elee.ppd.node_1
>> Destination node: .
>> Target PDU
>> Lawful interception identifier: test_li_id
>> Target PDU data type: Content of Communication (CC) (2)
>> Sequence number: 0
>> Timestamp: May 10, 2019 18:27:56.677651565 UTC
>> CC configuration
>> Active: True
>> Delivery format: ELEE (3)
>> Handover connection:
>> Handover directory:
>> Aggregation factor: 10
>> Delivery timeout: 0
>> Communication identifier
>> Operator identifier:
>> Network element identifier:
>> Communication identifier number (CIN): 0
>> Data part size: 60
>
> So what would the exact format of the header be for this link-layer type?

--
Damir Franusic
email: damir.franu...@gmail.com
http://ele2.io/
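
A bounds-checked parser for the header layout drawn in the message above, as an added example that is not part of the original post or of any ELEE implementation. The names `elee_hdr`, `elee_parse`, `elee_str_end` and the sample bytes are assumptions made for illustration; the example rejects node names that are not terminated inside the captured data or that contain octets above 0x7f.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parsed view of one ELEE packet; all pointers alias the caller's buffer. */
struct elee_hdr {
    uint8_t version, pdu_type;
    const char *src, *dst;       /* NUL-terminated node names, may be "" */
    const uint8_t *payload;      /* remaining octets, meaning depends on pdu_type */
    size_t payload_len;
};

/* Offset just past the NUL of the ASCII string starting at buf[off], or 0 if
 * it is not terminated inside buf[0..len) or holds an octet above 0x7f. */
static size_t elee_str_end(const uint8_t *buf, size_t off, size_t len)
{
    for (; off < len && buf[off] <= 0x7f; off++)
        if (buf[off] == 0)
            return off + 1;
    return 0;
}

/* Returns 0 on success, -1 if the packet is truncated or malformed. */
int elee_parse(const uint8_t *buf, size_t len, struct elee_hdr *h)
{
    size_t dst_off, pay_off;
    /* The bounds check in elee_str_end also covers len < 2 (no fixed part). */
    if ((dst_off = elee_str_end(buf, 2, len)) == 0 ||
        (pay_off = elee_str_end(buf, dst_off, len)) == 0)
        return -1;
    h->version = buf[0];
    h->pdu_type = buf[1];
    h->src = (const char *)buf + 2;
    h->dst = (const char *)buf + dst_off;
    h->payload = buf + pay_off;
    h->payload_len = len - pay_off;
    return 0;
}

/* Constructed sample: node names from the tshark output, 2 dummy payload octets. */
static const uint8_t elee_sample[] = "\x01\x01" "elee.ppd.node_1\0" ".\0" "\xde\xad";

int main(void)
{
    struct elee_hdr h;
    if (elee_parse(elee_sample, sizeof elee_sample - 1, &h) != 0)
        return 1;
    printf("%s -> %s, %zu payload octets\n", h.src, h.dst, h.payload_len);
    return 0;
}
```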