--- Begin Message ---
On Jun 2, 2020, at 12:22 AM, Airbus CERT via tcpdump-workers 
<tcpdump-workers@lists.tcpdump.org> wrote:

> Yes exactly each packet is an event. The layout of the event is 
> https://docs.microsoft.com/en-us/windows/win32/api/evntcons/ns-evntcons-event_header
>  and 
> https://docs.microsoft.com/en-us/windows/win32/api/evntcons/ns-evntcons-event_header_extended_data_item.
>  But we aligned this format with the ETL (serialization use by microsoft) 
> which is not well documented.

Is it documented at all?

The description of a given LINKTYPE_/DLT_ value on

        https://www.tcpdump.org/linktypes.html

and the pages linked to by that description must be sufficient to allow 
somebody to write code to, at minimum, parse the link-layer headers, without 
ever looking at Wireshark or tcpdump code.

--- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Reply via email to