Varuna De Silva wrote:
> as I know there is not any linktype for pure QSIG.
>The QSIG is usually encaplulated in another protocols, e.g. I think
>HDLC->LAPD->QSIG.
>But I am familiar only with QSIG over H.323 or SIP
Yes you are correct, we decoded some messages we captured
manually and found they are somewhat similar to LAPD.
Is there are linktype for raw LAPD, as I know the one DLT_LINUX_LAPD
<http://fxr.watson.org/fxr/ident?i=DLT_LINUX_LAPD> is not suitable for
our case.
Since its with some additional header overhead.
We get the HDLC decoded frames and they are raw LAPD messages.
How can we proceed from here onwards to decode LAPD messages.
Is it possible for us to use the same LAPD dissectors of wireshark.
If you can't use the Linux LAPD DLT (even by faking the headers?) then
you'd have to:
- ask tcpdump.org to allocate a new DLT value for raw LAPD
- patch the wiretap/ library to support the new DLT value (bug 1751
contains a patch that shows how to do this)
- patch packet-lapd.c to register for the new linktype (by adding
another "dissector_add() call)
