Hello, Guy,
Please, see below.
09.06.2014 13:43, Guy Harris пишет:
OK, I've assigned 260 to LINKTYPE_IPMI_HPM_2/DLT_IPMI_HPM_2, with a description
of:
IPMI trace packets, as specified by Table 3-20 "Trace Data Block
Format" in the PICMG HPM.2 specification.
with the link done as specified.
Thanks.
Also, are the time stamps in pcap records or pcap-ng packet blocks significant,
given that the trace blocks contain their own time stamps?
They would not be significant, if Wireshark did not use them for displaying
packet times. But, since Wireshark does use them,
As will other programs that read pcap or pcap-ng files and don't treat
LINKTYPE_IPMI_HPM_2 specially (one reason for this registry is to allow other
programs to process whatever pcap/pcap-ng link-layer header types the
developers choose; the goal is to *avoid* tying link-layer header types to
tcpdump or Wireshark or any other program - it should be possible for people to
write code to read or write packets of any given link-layer header type without
ever having to see any tcpdump/Wireshark/etc. code that reads or writes them).
Since the proposed capture format is generated by a proxy agent which
transforms the captured data from the UDP-based connection, time stamps
in pcap records/pcap-ng packet blocks may be interpreted as times of
receiving of the encapsulated trace data blocks by the proxy from the
capturing device, while the trace data block contain time stamps for the
captured trace messages.
The only utility which I know generates data in the proposed capture
format, makes the timestamps in pcap records equal to the stamps in the
trace data blocks which is convenient when browsing the captured data in
Wireshark. However, in general, this is not required. In that sense, the
proposed capture format is not tied to any analyzing program.
Regards,
Dmitry
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
