Re: [tcpdump-workers] Request for new LINKTYPE_* code LINKTYPE_AUERSWALD_LOG

Guy Harris via tcpdump-workers Thu, 04 Feb 2021 04:37:01 -0800

--- Begin Message ---

On Feb 4, 2021, at 3:41 AM, developer--- via tcpdump-workers 
<tcpdump-workers@lists.tcpdump.org> wrote:


> We currently use this code in our lua dissector to display (decoded) SIP 
> messages.
> 
> -- offsets will change with the new LINKTYPE
>    if (buf(148,2):uint() == MSG_TYPE_SIP) then
>        sadd("src_ip",0,16)
>        sadd("src_port",16,2,"uint")
>        sadd("dst_ip", 18,16)
>        sadd("dst_port",34,2,"uint")
>        Dissector.get("sip"):call(buf(msg_start, msg_len):tvb(), pinfo, 
> subtree)
>        return
>    end

In other words, the format of packets is:

        IPv6 source address - 16 octets
        source port - 2 octets
        IPv6 destination address - 16 octets
        destination port - 16 octets
        SIP packet

--- End Message ---

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Re: [tcpdump-workers] Request for new LINKTYPE_* code LINKTYPE_AUERSWALD_LOG

Reply via email to