On May 11, 2019, at 7:26 AM, Damir Franusic <damir.franu...@gmail.com> wrote:
> *Example tshark output for IRI:*
...
> ELEE Protocol
> Protocol version: 1
> PDU type: Target PDU (1)
> Source node: elee.ppd.node_1
> Destination node: .
> Target PDU
> Lawful interception identifier: dhcp_li_id
> Target PDU data type: Intercept Related Information (IRI) (1)
> Sequence number: 0
> Timestamp: May 10, 2019 18:21:59.723619839 UTC
> IRI configuration
> Active: True
> Delivery format: ELEE (3)
> Handover connection:
> Handover directory:
> Aggregation factor: 2
> Delivery timeout: 0
> Communication identifier
> Operator identifier:
> Network element identifier:
> Communication identifier number (CIN): 0
> Data part size: 95
> IP IRI
> IRI type: IRI-REPORT (4)
> Access event type: accessAttempt (0)
> Target username: 001cbf0dbfd7
> Internet access type: Unknown (0)
> IP version: IPv4 protocol (1)
> Target IPv4: 0.0.0.0
> Target network id: 00:1c:bf:0d:bf:d7
> POP port number: 0
> Target call-back number: <MISSING>
> POP IP address: 00000000
> Authentication type: AAA provided by DHCP (3)
...
> *Example tshark output for CC:*
...
> *ELEE Protocol*
> Protocol version: 1
> PDU type: Target PDU (1)
> Source node: elee.ppd.node_1
> Destination node: .
> Target PDU
> Lawful interception identifier: test_li_id
> Target PDU data type: Content of Communication (CC) (2)
> Sequence number: 0
> Timestamp: May 10, 2019 18:27:56.677651565 UTC
> CC configuration
> Active: True
> Delivery format: ELEE (3)
> Handover connection:
> Handover directory:
> Aggregation factor: 10
> Delivery timeout: 0
> Communication identifier
> Operator identifier:
> Network element identifier:
> Communication identifier number (CIN): 0
> Data part size: 60
So what would the exact format of the header be for this link-layer type?
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
