On May 18, 2019, at 3:05 PM, Damir Franusic <damir.franu...@gmail.com> wrote:

> I know it's extensible but ELEE is used for a different purpose

LINKTYPE_ELEE is used for the *same* purpose as pcapng - recording timestamped 
network events, and metadata for those events and for the capture process, in a 
file.

"Target PDUs" with a subtype of "Content of Communication", and that just 
contain raw packet data (as opposed to the ASN.1 stuff I asked about in an 
earlier message) are just pcapng Enhanced Packet Blocks:

        the target identifier and sequence number in the Target PDU header
        would be options;

        the timestamp would just be the block's timestamp (and, unlike ELEE
        with its 32-bit Timestamp_sec, would work past Y2.106K);

        the "target activity flag for CC data", "handover connection name
        for CC data delivery", "destination directory for CC data delivery
        used only for file system based connections" (if relevant here),
        "target aggregation factor for CC data delivery", "communication
        identifier Operator Id", "communication identifier Network Element
        Id", and "communication identifier Number" would also be options.

"Target PDUs" with a subtype of "Content of Communication" that contain that 
ETSI-specified ASN.1 data would be a new block type, using the same options as 
the new EPB options;

"Target PDUs" with a subtype of "Intercept Related Information (IRI)" would be 
one or more new block types, depending on whether to have a single block type 
for all of them, possibly using options.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
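
The mapping described in the message above, as an added sketch that is not part of the original e-mail and is not libpcap or tcpdump code: a raw-packet "Content of Communication" PDU written as a pcapng Enhanced Packet Block, with the target identifier and sequence number carried as options and a 64-bit timestamp. Assumptions: no option codes exist for these fields, so the pcapng custom binary option (code 2989) is used with the documentation enterprise number 32473 and made-up sub-codes; the section is little-endian with the default microsecond timestamp resolution; a readable file would also need a Section Header Block and an Interface Description Block ahead of this block.

```python
import struct

EPB_TYPE = 0x00000006       # pcapng Enhanced Packet Block
OPT_CUSTOM_BIN = 2989       # custom option (binary, copyable): value = PEN + private data
EXAMPLE_PEN = 32473         # enterprise number reserved for documentation (RFC 5612)
SUB_TARGET_ID, SUB_SEQ_NO = 1, 2   # hypothetical sub-codes, assigned nowhere

def _pad4(data):
    return data + b"\x00" * (-len(data) % 4)

def custom_opt(sub, value):
    body = struct.pack("<IH", EXAMPLE_PEN, sub) + value
    return struct.pack("<HH", OPT_CUSTOM_BIN, len(body)) + _pad4(body)

def build_epb(ts_usec, packet, target_id, seq_no, if_id=0):
    # Assumes a little-endian section and the default microsecond if_tsresol.
    opts = custom_opt(SUB_TARGET_ID, target_id.encode())
    opts += custom_opt(SUB_SEQ_NO, struct.pack("<I", seq_no))
    opts += struct.pack("<HH", 0, 0)                      # opt_endofopt
    body = struct.pack("<IIIII", if_id, ts_usec >> 32, ts_usec & 0xFFFFFFFF,
                       len(packet), len(packet)) + _pad4(packet) + opts
    total = 12 + len(body)                                # type + 2 length fields
    return struct.pack("<II", EPB_TYPE, total) + body + struct.pack("<I", total)

def parse_epb(block):
    if len(block) < 32:
        raise ValueError("truncated EPB")
    btype, total = struct.unpack_from("<II", block, 0)
    if btype != EPB_TYPE or total != len(block) or block[-4:] != block[4:8]:
        raise ValueError("not a well-formed EPB")
    _if_id, hi, lo, caplen, _origlen = struct.unpack_from("<IIIII", block, 8)
    end = total - 4                                       # start of trailing length
    off = 28 + caplen + (-caplen % 4)
    if off > end:
        raise ValueError("captured length exceeds block")
    packet, fields = block[28:28 + caplen], {}
    while off + 4 <= end:
        code, length = struct.unpack_from("<HH", block, off)
        off += 4
        if code == 0:                                     # opt_endofopt
            break
        if off + length > end:
            raise ValueError("option overruns block")
        value = block[off:off + length]
        off += length + (-length % 4)
        if code == OPT_CUSTOM_BIN and length >= 6:
            pen, sub = struct.unpack_from("<IH", value, 0)
            if pen == EXAMPLE_PEN:
                fields[sub] = value[6:]
    return (hi << 32) | lo, packet, fields
```

A timestamp whose seconds value no longer fits in 32 bits round-trips unchanged here, because the EPB stores it as two 32-bit halves of one 64-bit count.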
