
Ethereal-dev: Re: [Ethereal-dev] updated fakelink dissector + (new) README.fakelink

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jeff Morriss <morriss@xxxxxxxxx>
Date: Thu, 14 Aug 2003 15:31:43 -0400


Richard Sharpe wrote:

On Wed, 13 Aug 2003, Martin Regner wrote:
[...]
0x05    TAG-DEST-ADDRESS (Destination address name padded to 20 byte string - always a null terminated string)

0x14    Len (20 bytes)
0x4C 0x4F 0x4E 0x44 0x4F 0x4E 0x2D 0x48 0x4A 0x37 0x2D 0x31 0x34 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ("LONDON-HJ7-14")

0x08    TAG-CICUIT-ID (Circuit id as numeric value)
0x02    Len (2 bytes)
0x07 0x00     Value=1792 (0x700)

0x42    TAG-PROTOCOL-STRING (Protocol string padded to 10 byte string - always a null terminated string)

0x0A   len (10 bytes)
0x4D 0x54 0x50 0x32 0x00 0x00 0x00 0x00 0x00 0x00  ("MTP2")

0x1A    TAG-COMMENT
0x0A    Len (10 bytes)
0x43  0x49 0x43 0x31 0x37 0x39 0x32  0x00 ("CIC1792")

0x00    TAG-PADDING-OCTET

0x00    TAG-PADDING-OCTET

The TAG field is 1 or 2 bytes long (Tag value 0-127 should be used for commonly used TAGs and then one octet is used for the TAG).
TAG 0 is a padding tag with no length octet.

The LEN field is 1 or 2 bytes long (When the length of the parameter is max 127 octets then the LEN field will be 1 byte long).


I think this is a good start, and the three or so of us who are interested in this should discuss it some more and perhaps create a proposal (maybe even a draft RFC).

People I know who are interested are Guy Harris, Ronnie Sahlberg, Greg Morris, Martin and myself.

It also happens that SNIA has a group who are trying to put together a proposal for a network capture repository and we would like to ensure that they do it the right way. Chris Hertel has expressed an interest in working with us on this as well.

You can count me in among "interested parties" for this. I've been more interested in the "fakelink" layer because I have a very-near-term desire/need to use it, but I definitely like the ideas of source, destination, and comment tags as well. (I assume the source and destination tags would get copied into the source and destination columns in Ethereal/Tethereal? That would be nice...)
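
The TLV layout quoted above, as an added example that is not part of the original message or of Ethereal's code: a bounds-checked C parser for the one-octet TAG and LEN case. The function and error names are hypothetical, the sample buffer is constructed from the bytes quoted in the message, and because the thread does not say how two-octet fields are encoded, the parser rejects any TAG or LEN octet above 127.

```c
#include <stdint.h>
#include <stdio.h>

/* One decoded parameter; value points into the caller's buffer. */
struct tlv { uint8_t tag; uint8_t len; const uint8_t *value; };

/* Error codes (hypothetical names, chosen for this example). */
enum { TLV_ERR_TRUNCATED = -1, TLV_ERR_LONG_FORM = -2, TLV_ERR_TOO_MANY = -3 };

/* Constructed sample: circuit-id and protocol-string bytes from the message, then padding. */
static const uint8_t sample[] = {
    0x08, 0x02, 0x07, 0x00,
    0x42, 0x0A, 'M', 'T', 'P', '2', 0, 0, 0, 0, 0, 0,
    0x00, 0x00
};

/* Returns the number of parameters stored in out[], or a negative error. */
int tlv_parse(const uint8_t *buf, size_t buflen, struct tlv *out, size_t max_out)
{
    size_t off = 0, n = 0;
    while (off < buflen) {
        uint8_t tag = buf[off++];
        if (tag == 0x00) continue;                        /* padding tag: no LEN octet */
        if (tag > 127) return TLV_ERR_LONG_FORM;          /* two-octet TAG: not handled */
        if (off >= buflen) return TLV_ERR_TRUNCATED;      /* TAG with no LEN after it */
        uint8_t len = buf[off++];
        if (len > 127) return TLV_ERR_LONG_FORM;          /* two-octet LEN: not handled */
        if (len > buflen - off) return TLV_ERR_TRUNCATED; /* value runs past the buffer */
        if (n == max_out) return TLV_ERR_TOO_MANY;
        out[n++] = (struct tlv){ tag, len, buf + off };
        off += len;
    }
    return (int)n;
}

/* Two-octet numeric value, most significant octet first (0x07 0x00 = 1792). */
int tlv_u16(const struct tlv *t)
{
    return t->len == 2 ? (t->value[0] << 8) | t->value[1] : -1;
}

int main(void)
{
    struct tlv p[4];
    int n = tlv_parse(sample, sizeof sample, p, 4);
    for (int i = 0; i < n; i++)
        printf("tag 0x%02X len %u\n", (unsigned)p[i].tag, (unsigned)p[i].len);
    return n < 0;
}
```

The length is checked against the bytes remaining before the value pointer is stored, so a capture file that claims a longer value than it contains produces an error instead of an out-of-bounds read.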