Wireshark · Ethereal-dev: Re: [Ethereal-dev] updated fakelink dissector + (new) README.fakelink

Ethereal-dev: Re: [Ethereal-dev] updated fakelink dissector + (new) README.fakelink

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <rsharpe@xxxxxxxxxxxxxxxxx>

Date: Tue, 8 Jul 2003 14:44:02 -0700 (PDT)

OK,rather than calling it a fake-link, why not a raw capture. We haveprecedent from the various raw protocol support on some versions of UNIX(which unfortunately seems to have meant raw-IP).

Secondly, rather than having a 16-bit protocol type, how about a 32-bitprotocol type which would allow us to, say map IP-types and port-numbersetc without having to resort to more large tables.


Of, how about having a variable length type with:

  First field being DLT-TYPE
  Second field being a sub-type based on that
  Third field being ...

Thus, a raw IP capture might have header types of:

 0x0006 0x0001 0x0805 <capture-len> <data>
      ^      ^    ^
      |      |    |
      |      |    +----- IP ...
      |      +---------- DLT_EN10MB (ethernet II?)
      +----------------- 6-bytes total type info

Regards
-----

Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,sharpe[at]ethereal.com, http://www.richardsharpe.com

Follow-Ups:
- Re: [Ethereal-dev] updated fakelink dissector + (new) README.fakelink
  - From: Jeff Morriss

References:
- [Ethereal-dev] updated fakelink dissector + (new) README.fakelink
  - From: Jeff Morriss

Prev by Date: [Ethereal-dev] Re: h245 - fastStart support
Next by Date: [Ethereal-dev] MTP3 error in retrieving SLS
Previous by thread: [Ethereal-dev] updated fakelink dissector + (new) README.fakelink
Next by thread: Re: [Ethereal-dev] updated fakelink dissector + (new) README.fakelink
Index(es):
- Date
- Thread