Wireshark-users: Re: [Wireshark-users] Question about parsing raw MTP3


From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 04 Oct 2006 12:25:02 -0700

Keith Fleming wrote:
> Actually, the intermediate C program that takes the raw MTP3 hex data
> put a 0x8d in the "link level type" 16-bit field

It's a 32-bit field.

> and that fixed it!

Not surprising, given that 0x8d = 141.

I'd suggest, by the way, that the intermediate C program include <pcap.h> and use DLT_MTP3 rather than the raw value 141 or 0x8d.

As long as you're at it, unless it's already doing so, I'd suggest that it open a pcap_t with a link-layer type of DLT_MTP3 and a snapshot length of 65535 with pcap_open_dead() and use that to open a dump file with pcap_dump_open(), write the packets with pcap_dump(), and then close the dump with pcap_dump_close(). Using libpcap's code to write libpcap files is better than writing your own code (libpcap already knows how to write them, and, in the future, it'll know how to write pcap-NG files as well).
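
A way to check the header of a capture file such as the one the intermediate program writes, as an added example that is not part of the original message: it reads the link-layer type as the 32-bit field it is and accepts either byte order. The names `pcap_linktype` and `MTP3_LINKTYPE` and the sample headers are constructed for this illustration; the header is parsed by hand only to inspect it, not to write files.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCAP_MAGIC    0xa1b2c3d4u /* microsecond-timestamp pcap file */
#define PCAP_MAGIC_NS 0xa1b23c4du /* nanosecond-timestamp variant */
#define PCAP_HDR_LEN  24          /* size of the pcap file header */
#define MTP3_LINKTYPE 141u        /* 0x8d; <pcap.h> names this DLT_MTP3 */

/* Read 4 bytes as a 32-bit value in the byte order the writer used. */
static uint32_t rd32(const uint8_t *p, int big_endian)
{
    if (big_endian)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Return the 32-bit link-layer type from a pcap file header, or -1 if the
 * buffer is too short or does not start with a pcap magic number. */
long long pcap_linktype(const uint8_t *hdr, size_t len)
{
    int be;
    if (len < PCAP_HDR_LEN)
        return -1;
    for (be = 0; be <= 1; be++) {
        uint32_t magic = rd32(hdr, be);
        if (magic == PCAP_MAGIC || magic == PCAP_MAGIC_NS)
            return rd32(hdr + 20, be); /* bytes 20..23: link-layer type */
    }
    return -1;
}

/* Constructed sample headers: version 2.4, snapshot length 65535. */
static const uint8_t good_le[24] = { 0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0,
                                     0xff,0xff,0,0, 0x8d,0,0,0 };
static const uint8_t good_be[24] = { 0xa1,0xb2,0xc3,0xd4, 0,2, 0,4, 0,0,0,0, 0,0,0,0,
                                     0,0,0xff,0xff, 0,0,0,0x8d };
/* Only the low 16 bits set to 0x8d; the upper 16 bits hold stray data. */
static const uint8_t bad_16[24]  = { 0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0,
                                     0xff,0xff,0,0, 0x8d,0,0x01,0 };

int main(void)
{
    printf("good_le: %lld\n", pcap_linktype(good_le, sizeof good_le));
    printf("good_be: %lld\n", pcap_linktype(good_be, sizeof good_be));
    printf("bad_16:  %lld (MTP3 is %u)\n", pcap_linktype(bad_16, sizeof bad_16), MTP3_LINKTYPE);
    return 0;
}
```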
