On Sep 18, 2008, at 10:10 PM, Gaurav1 Jain wrote: > Gaurav: yes latter one is the case. If I try to capture the > interface using > > Capture à Options à Link Header Type is displayed as Linux Cooked > Mode Capture.
Presumably by "capture the interface" you mean capturing on the Linux network interface. If so, that means the Sangoma driver is returning either an unknown ARPHRD_ type or one of ARPHRD_ATM or ARPHRD_PPP as its ARPHRD_ type. > When traces are displayed protocol decoded is found to be IP. It's capturing in cooked mode, with a PF_SOCKET/SOCK_DGRAM socket, so that the link-layer header is stripped off, and a "cooked" link-layer type supplied (IPv4, if the protocol is IP). > Otherwise when PCAP file is first captured using WanDriver commands > (available with WanPipe) ...which means the capture isn't going through libpcap. > and then open using wireshark TZSP is the protocol being displayed > on GUI. ...which means that the WanDriver software is writing a pcap-format file with a link-layer type of DLT_TZSP. The only link-layer types supported in DLT_TZSP in Wireshark are Ethernet and various forms of 802.11, so presumably it's providing a fake Ethernet header. >> So what does it mean when it "provides [an] IP interface"? Does that >> mean that the card supplies IP packets, with link-layer headers >> stripped off, > > Gaurav: yes this is the case. If that's the case, then you won't ever be able to see the HDLC or proprietary link-layer headers, as the card doesn't give them to the host, so they're irrelevant. >> There is no "ICMP/UDP/TCP/SCTP/IP kind of DLT" attached to *any* >> traces; those are all protocols running atop the link layer. There >> is >> a DLT_RAW link layer used for packets where there *is* no link-layer >> header. > > Gaurav: I checked man page of pcap and it says DLT_RAW means packet > begins with IP header. Yes, that's what "There is a DLT_RAW link layer used for packets where there *is* no link-layer header" means. > Gaurav: We are using HDLC protocol while configuring WANPIPE, > So it should be LIP Protocol stack line where card is getting > connected and accordingly ARPHRD_ type should be ARPHRD_HDLC. Only if the card is supplying HDLC headers to the host, which you said wasn't the case. _______________________________________________ Wireshark-dev mailing list [email protected] https://wireshark.org/mailman/listinfo/wireshark-dev
