On Jun 2, 2020, at 12:22 AM, Airbus CERT via tcpdump-workers
<tcpdump-workers@lists.tcpdump.org> wrote:
> Yes, exactly, each packet is an event. The layout of the event is
> https://docs.microsoft.com/en-us/windows/win32/api/evntcons/ns-evntcons-event_header
> and
> https://docs.microsoft.com/en-us/windows/win32/api/evntcons/ns-evntcons-event_header_extended_data_item.
> But we aligned this format with the ETL (serialization used by Microsoft)
> which is not well documented.
Is it documented at all?
The description of a given LINKTYPE_/DLT_ value on
https://www.tcpdump.org/linktypes.html
and the pages linked to by that description must be sufficient to allow
somebody to write code to, at minimum, parse the link-layer headers, without
ever looking at Wireshark or tcpdump code.
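To illustrate the bar set in this reply (a reader of the LINKTYPE_ description and the linked Microsoft pages should be able to parse the link-layer header without reading tcpdump or Wireshark source), here is an added example written from the EVENT_HEADER documentation alone. It is not code from the thread, from libpcap/tcpdump or from Wireshark. It assumes the header is laid out exactly as the documented C struct on x64 (little-endian, natural alignment, 80 bytes, no padding), that TimeStamp is a FILETIME-style count of 100 ns units since 1601, and that the flag values match evntcons.h; the sample record, provider GUID and field values are constructed. It deliberately stops at the fixed header: the extended-data items and the ETL-aligned framing that the reply says is not well documented are not covered.

```python
"""Parse an ETW EVENT_HEADER from raw bytes (added example, not project code).

Layout assumed (evntcons.h, x64, little-endian, no padding, 80 bytes total):
  USHORT Size; USHORT HeaderType; USHORT Flags; USHORT EventProperty;
  ULONG ThreadId; ULONG ProcessId; LARGE_INTEGER TimeStamp;
  GUID ProviderId; EVENT_DESCRIPTOR EventDescriptor;
  ULONG KernelTime; ULONG UserTime;   (union with ULONG64 ProcessorTime)
  GUID ActivityId;
EVENT_DESCRIPTOR: USHORT Id; UCHAR Version; UCHAR Channel; UCHAR Level;
  UCHAR Opcode; USHORT Task; ULONGLONG Keyword;
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

_HDR = struct.Struct("<HHHHIIq16sHBBBBHQII16s")
EVENT_HEADER_SIZE = _HDR.size  # 80 bytes

# EVENT_HEADER_FLAG_* values from evntcons.h (assumed; verify against the SDK).
FLAG_NAMES = {
    0x0001: "EXTENDED_INFO",
    0x0002: "PRIVATE_SESSION",
    0x0004: "STRING_ONLY",
    0x0008: "TRACE_MESSAGE",
    0x0010: "NO_CPUTIME",
    0x0020: "32_BIT_HEADER",
    0x0040: "64_BIT_HEADER",
    0x0080: "DECODE_GUID",
    0x0100: "CLASSIC_HEADER",
    0x0200: "PROCESSOR_INDEX",
}

# FILETIME epoch: 100 ns intervals since 1601-01-01 UTC (assumed for TimeStamp).
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """Convert a 100 ns FILETIME count to an aware UTC datetime (microsecond precision)."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime; integer arithmetic to avoid float rounding."""
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10


def decode_flags(flags):
    """Return the set of known flag names set in the Flags field."""
    return {name for bit, name in FLAG_NAMES.items() if flags & bit}


def parse_event_header(buf):
    """Parse the fixed EVENT_HEADER at the start of buf.

    Raises ValueError on a truncated buffer or an implausible Size field, as a
    dissector reading an untrusted capture file must never index past the data.
    """
    if len(buf) < EVENT_HEADER_SIZE:
        raise ValueError(f"record truncated: {len(buf)} bytes, need {EVENT_HEADER_SIZE}")
    (size, header_type, flags, event_property, thread_id, process_id, timestamp,
     provider_id, ev_id, version, channel, level, opcode, task, keyword,
     kernel_time, user_time, activity_id) = _HDR.unpack_from(buf, 0)
    # Size is documented as the size of the whole event record; it cannot be
    # smaller than the fixed header it starts with.
    if size < EVENT_HEADER_SIZE:
        raise ValueError(f"Size field {size} smaller than the fixed header")
    return {
        "size": size,
        "header_type": header_type,
        "flags": decode_flags(flags),
        "event_property": event_property,
        "thread_id": thread_id,
        "process_id": process_id,
        "timestamp": filetime_to_datetime(timestamp),
        "provider_id": uuid.UUID(bytes_le=provider_id),
        "descriptor": {"id": ev_id, "version": version, "channel": channel,
                       "level": level, "opcode": opcode, "task": task,
                       "keyword": keyword},
        "kernel_time": kernel_time,
        "user_time": user_time,
        "activity_id": uuid.UUID(bytes_le=activity_id),
    }


# Constructed sample values (not from any real provider or capture).
SAMPLE_PROVIDER = uuid.UUID("11111111-2222-3333-4444-555555555555")


def build_sample_record():
    """Pack one constructed 80-byte record: EXTENDED_INFO | 64_BIT_HEADER flags."""
    ts = datetime_to_filetime(datetime(2020, 6, 2, 0, 22, tzinfo=timezone.utc))
    return _HDR.pack(EVENT_HEADER_SIZE, 0, 0x0041, 0, 1234, 4321, ts,
                     SAMPLE_PROVIDER.bytes_le,
                     7, 1, 0, 4, 0, 0, 0x8000000000000000,   # EVENT_DESCRIPTOR
                     0, 0, uuid.UUID(int=0).bytes_le)


if __name__ == "__main__":
    for key, value in parse_event_header(build_sample_record()).items():
        print(f"{key:15} {value}")
```

The struct format string is the whole specification a reader needs; if a future LINKTYPE_ description documented the extended-data items and the trailing user data the same way, the parser would extend by unpacking them from offset `EVENT_HEADER_SIZE` onward, still bounds-checked against `size`.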
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers