Re: [tcpdump-workers] Request for new pcap/pcapng DLT Format
On May 13, 2013, at 1:04 PM, chris_bon...@selinc.com wrote:

> Hi, I would like to request a custom DLT type for the Schweitzer
> Engineering Laboratories "RTAC" product. Information on the
> product/purpose of the DLT is included below:

Do LINKTYPE_RTAC_SERIAL/DLT_RTAC_SERIAL sound like good names?

> All Ethernet-based capture files will have packets with a "Linux Cooked
> Capture" Ethernet-header

That's not an Ethernet header:

    http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html

Any particular reason not to use LINKTYPE_ETHERNET/DLT_EN10MB, rather than LINKTYPE_LINUX_SLL/DLT_LINUX_SLL, for Ethernet captures?

___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Re: [tcpdump-workers] Request for new pcap/pcapng DLT Format
Hi Guy,

Those names sound good to me for the RTAC serial captures.

After looking a little closer, I suspect that since the RTAC platform is Linux-based, the programmers used the libpcap library to perform captures and that library is responsible for the output of the SLL format. I'll revise the comments section in the code header to clarify a little bit more on that point.

Regards,

Chris Bontje
Schweitzer Engineering Labs
Automation Application Specialist, SW Region
(509)334-5664
chris_bon...@selinc.com

From: Guy Harris
To: chris_bon...@selinc.com
Cc: tcpdump-workers@lists.tcpdump.org
Date: 05/20/2013 12:33 PM
Subject: Re: [tcpdump-workers] Request for new pcap/pcapng DLT Format

On May 13, 2013, at 1:04 PM, chris_bon...@selinc.com wrote:

> Hi, I would like to request a custom DLT type for the Schweitzer
> Engineering Laboratories "RTAC" product. Information on the
> product/purpose of the DLT is included below:

Do LINKTYPE_RTAC_SERIAL/DLT_RTAC_SERIAL sound like good names?

> All Ethernet-based capture files will have packets with a "Linux Cooked
> Capture" Ethernet-header

That's not an Ethernet header:

    http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html

Any particular reason not to use LINKTYPE_ETHERNET/DLT_EN10MB, rather than LINKTYPE_LINUX_SLL/DLT_LINUX_SLL, for Ethernet captures?

Re: [tcpdump-workers] Request for new pcap/pcapng DLT Format
On May 20, 2013, at 6:54 PM, chris_bon...@selinc.com wrote:

> Those names sound good to me for the RTAC serial captures.

OK, I've assigned 250 for LINKTYPE_RTAC_SERIAL and DLT_RTAC_SERIAL.

> After looking a little closer, I suspect that since the RTAC platform is
> Linux-based, the programmers used the libpcap library to perform captures and
> that library is responsible for the output of the SLL format.

I assume it's capturing on the "any" interface.

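Added example, not part of the thread or of libpcap: a minimal C reader for the classic pcap file header that tells apart the three link types discussed above (LINKTYPE_ETHERNET = 1, LINKTYPE_LINUX_SLL = 113, and the newly assigned LINKTYPE_RTAC_SERIAL = 250), so a tool can pick the right dissector before touching packet data. The function names and the constructed sample header are assumptions of this example; pcapng files are rejected here because they carry the link type per interface rather than in a file header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Link-layer header types named in the thread. */
enum { LINKTYPE_ETHERNET = 1, LINKTYPE_LINUX_SLL = 113, LINKTYPE_RTAC_SERIAL = 250 };

static uint32_t rd32(const uint8_t *p, int be) {
    return be ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
              : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}
static void wr32(uint8_t *p, uint32_t v, int be) {
    for (int i = 0; i < 4; i++) p[be ? 3 - i : i] = (uint8_t)(v >> (8 * i));
}
/* Constructed sample input: a 24-byte classic pcap file header. */
void build_header(uint8_t out[24], uint32_t linktype, int be) {
    memset(out, 0, 24);
    wr32(out, 0xa1b2c3d4u, be);   /* magic (microsecond timestamps) */
    out[be ? 5 : 4] = 2;          /* version_major = 2 */
    out[be ? 7 : 6] = 4;          /* version_minor = 4 */
    wr32(out + 16, 65535, be);    /* snaplen */
    wr32(out + 20, linktype, be); /* network: link-layer header type */
}
/* Returns the link type, or -1 for a short buffer or unknown magic. */
int pcap_linktype(const uint8_t *buf, size_t len) {
    int be;
    if (buf == NULL || len < 24) return -1;
    uint32_t m = rd32(buf, 1);    /* try big-endian first */
    if (m == 0xa1b2c3d4u || m == 0xa1b23c4du) be = 1;
    else {
        m = rd32(buf, 0);         /* then little-endian */
        if (m != 0xa1b2c3d4u && m != 0xa1b23c4du) return -1;
        be = 0;
    }
    /* Low 16 bits are the link type; upper bits can carry FCS info. */
    return (int)(rd32(buf + 20, be) & 0xFFFFu);
}
const char *linktype_name(int lt) {
    switch (lt) {
    case LINKTYPE_ETHERNET:    return "ETHERNET";
    case LINKTYPE_LINUX_SLL:   return "LINUX_SLL";   /* "any" device capture */
    case LINKTYPE_RTAC_SERIAL: return "RTAC_SERIAL";
    default:                   return "UNKNOWN";
    }
}
int main(void) {
    uint8_t h[24];
    build_header(h, LINKTYPE_RTAC_SERIAL, 0);
    printf("%s\n", linktype_name(pcap_linktype(h, sizeof h)));
    return 0;
}
```
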
Re: [tcpdump-workers] Request for new pcap/pcapng DLT Format
On May 13, 2013, at 1:04 PM, chris_bon...@selinc.com wrote:

> 1) The relative timestamp is 8 bytes, the "left" and "right" components
> are 32-bit integers representing the left and right-hand side of the
> decimal point, respectively

Seconds and 1/2^32ths of a second?

Speaking of timestamps, what goes into the pcap or pcap-ng time stamp field (those are absolute timestamps)?