[tcpdump-workers] Request for DLT for new BlueZ Monitor
Hello,

It seems that in BlueZ 5 there is no interface provided for better user experience. Let's call it "monitor"; it is used to capture all Bluetooth adapters at the same time, together with information about adding a new adapter or deleting an existing one (there are special opcodes for that [separate packets]).

Use case (I think it should show, in a simple way, the reason/usage for that):

1. Start Wireshark.
2. Select only one available interface: let's call it "bluetoothmon".
3. Start capture.
4. Insert two dongles.
5. Generate traffic.
6. Remove one dongle.
...

This interface should never fail like the existing libpcap implementation for Bluetooth on Linux (remove USB dongle == [Wireshark] fail).

The implementation can be based on the BlueZ 5 "monitor" tool:
http://git.kernel.org/cgit/bluetooth/bluez.git/tree/monitor

You can see the function "open_socket" in
http://git.kernel.org/cgit/bluetooth/bluez.git/tree/monitor/control.c

One advantage of the new bluetoothmon is that it allows capturing early commands while a device is initialising (bluetooth0, etc. do not have it).

The DLT may have the name DLT_BLUETOOTH_BLUEZ5_MONITOR; feel free to change it.

The BlueZ community extends the BTSNOOP capture file format to support multiple interfaces too (especially for the new "monitor" format).

--
Best regards
Michał Łabędzki, Software Engineer
Tieto Corporation
Product Development Services
http://www.tieto.com / http://www.tieto.pl

___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
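The adapter add/remove opcodes mentioned in the message above, as an added example that is not part of the original post or of BlueZ: a bounds-checked walk over monitor records that treats a hot-unplug as ordinary data. The 6-byte header and opcode values follow the Linux kernel's hci_mon.h; the sample bytes are constructed, and concatenating records back to back in one buffer is an assumption made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Opcode values as in the Linux kernel's include/net/bluetooth/hci_mon.h. */
enum { MON_NEW_INDEX = 0, MON_DEL_INDEX = 1, MON_COMMAND_PKT = 2, MON_SCO_RX_PKT = 7 };
#define MON_HDR_LEN 6 /* opcode, adapter index, payload length: little-endian u16 each */

struct mon_stats { unsigned records, hci_pkts, adapters_now, adapters_peak; int truncated; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk back-to-back monitor records, checking every length field against the buffer. */
struct mon_stats mon_walk(const uint8_t *buf, size_t n)
{
    struct mon_stats s = {0};
    uint32_t present = 0; /* bitmap of attached adapter indexes 0..31 */
    size_t off = 0;
    while (off < n) {
        if (n - off < MON_HDR_LEN) { s.truncated = 1; break; }
        uint16_t op = le16(buf + off), idx = le16(buf + off + 2);
        size_t len = le16(buf + off + 4);
        if (len > n - off - MON_HDR_LEN) { s.truncated = 1; break; }
        if (op == MON_NEW_INDEX && idx < 32 && !(present & (1u << idx))) {
            present |= 1u << idx;
            if (++s.adapters_now > s.adapters_peak) s.adapters_peak = s.adapters_now;
        } else if (op == MON_DEL_INDEX && idx < 32 && (present & (1u << idx))) {
            present &= ~(1u << idx); /* unplug is just another record, not an error */
            s.adapters_now--;
        } else if (op >= MON_COMMAND_PKT && op <= MON_SCO_RX_PKT) {
            s.hci_pkts++; /* HCI command, event, ACL or SCO data */
        }
        s.records++;
        off += MON_HDR_LEN + len;
    }
    return s;
}

/* Constructed sample: two dongles inserted, traffic on hci0, hci1 removed.
 * Index-record payloads are omitted (length 0) to keep the sample short. */
static const uint8_t sample[] = {
    0x00,0x00, 0x00,0x00, 0x00,0x00,                                /* NEW_INDEX hci0 */
    0x00,0x00, 0x01,0x00, 0x00,0x00,                                /* NEW_INDEX hci1 */
    0x02,0x00, 0x00,0x00, 0x03,0x00, 0x03,0x0c,0x00,                /* hci0 cmd: HCI_Reset */
    0x03,0x00, 0x00,0x00, 0x06,0x00, 0x0e,0x04,0x01,0x03,0x0c,0x00, /* hci0 evt: Command Complete */
    0x01,0x00, 0x01,0x00, 0x00,0x00,                                /* DEL_INDEX hci1 */
};

int main(void)
{
    struct mon_stats s = mon_walk(sample, sizeof sample);
    printf("records=%u hci=%u adapters=%u peak=%u\n", s.records, s.hci_pkts, s.adapters_now, s.adapters_peak);
    return 0;
}
```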
[tcpdump-workers] Request for DLT for Linux Kernel Messages
Hello,

I would like to ask about the possibility of adding a DLT value for Linux Kernel Messages. Is it possible or not? I previously showed a ready libpcap implementation [1]; I also have a ready implementation for Wireshark. (In short: on Linux Kernel >3.4 it is able to dump via /dev/kmsg, also inject.)

Linux kernel messages have a packet structure (one log/event = one packet), and it is really useful when analysing system behaviour or the Bluetooth kernelspace used by userland.

It may also be interesting to create a special DLT (like Wireshark Upper PDU) for event-based capture sources like:

1. Linux Kernel Messages (/dev/kmsg)
2. Android Logcat (Logger - like "adb logcat -B")
3. Udev messages (I am thinking about a capture like "udevadm monitor")
4. syslog
...
N. Completely amazing idea for now: capture audio (arecord -l; arecord hw:0,1; in short: "source as interface to dump")
etc.

[1] Rebased: https://github.com/MichalLabedzki/libpcap/commit/bfb695422349541c4c6f6f896a9028721eedf253 - this contains the requested DLT in code to show the functionality
[2] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8585

--
Best regards
Michał Łabędzki, Software Engineer
Tieto Corporation
Product Development Services
http://www.tieto.com / http://www.tieto.pl
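The "one log/event = one packet" structure of /dev/kmsg described in the message above, as an added example that is not part of the original post or of the linked libpcap patch: a parser for one record in the kernel's documented "prio,seq,usec,flag;message" form, followed by optional space-indented KEY=value lines. The sample records are constructed; because the kernel does not let writes to /dev/kmsg carry facility 0, a non-zero facility marks a record injected from userspace.

```c
#include <stdio.h>
#include <string.h>

struct kmsg_rec {
    unsigned level, facility;       /* prio & 7 and prio >> 3, as in syslog */
    unsigned long long seq, usec;   /* sequence number, monotonic timestamp */
    char flag;                      /* '-' for a normal record, 'c' for a fragment */
    unsigned ndict;                 /* number of " KEY=value" lines that follow */
    char msg[128];
};

/* Parse one NUL-terminated /dev/kmsg record. Returns 0 on success, -1 if malformed. */
int kmsg_parse(const char *rec, struct kmsg_rec *out)
{
    unsigned prio;
    if (sscanf(rec, "%u,%llu,%llu,%c", &prio, &out->seq, &out->usec, &out->flag) != 4)
        return -1;
    const char *semi = strchr(rec, ';'); /* fields added before ';' later are skipped */
    if (!semi)
        return -1;
    size_t len = strcspn(semi + 1, "\n");
    size_t n = len < sizeof out->msg ? len : sizeof out->msg - 1;
    memcpy(out->msg, semi + 1, n);
    out->msg[n] = '\0';
    out->level = prio & 7;
    out->facility = prio >> 3;
    out->ndict = 0;
    for (const char *p = semi + 1 + len; *p == '\n' && p[1] == ' '; p += 1 + strcspn(p + 1, "\n"))
        out->ndict++;
    return 0;
}

/* Records written through /dev/kmsg never carry facility 0 (kern). */
int kmsg_from_userspace(const struct kmsg_rec *r) { return r->facility != 0; }

/* Constructed samples: a kernel record with a dictionary, and an injected marker. */
static const char sample_kernel[] =
    "4,1024,98765432,-;Bluetooth: hci0: command 0x0c03 tx timeout\n"
    " SUBSYSTEM=bluetooth\n DEVICE=+bluetooth:hci0\n";
static const char sample_user[] = "12,1025,98770000,-;capture-tool: marker\n";

int main(void)
{
    struct kmsg_rec r;
    if (kmsg_parse(sample_user, &r) == 0)
        printf("seq=%llu level=%u userspace=%d msg=%s\n", r.seq, r.level, kmsg_from_userspace(&r), r.msg);
    return 0;
}
```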
[tcpdump-workers] Mail System Error - Returned Mail
This Message was undeliverable due to the following reason:

Your message was not delivered because the destination computer was not reachable within the allowed queue period. The amount of time a message is queued before it is returned depends on local configuration parameters.

Most likely there is a network problem that prevented delivery, but it is also possible that the computer is turned off, or does not have a mail system running right now.

Your message was not delivered within 8 days:
Host 130.219.47.160 is not responding.

The following recipients did not receive this message:

Please reply to postmas...@alum.mit.edu if you feel this message to be in error.