Wireshark-dev: Re: [Wireshark-dev] patch to eyesdn wiretap module

From: Rolf Fiedler <rolf.fiedler@xxxxxxxxxxxxx>
Date: Mon, 02 Oct 2006 09:29:48 +0200
Guy Harris wrote:
> Rolf Fiedler wrote:
>> > I checked, channel 128 is used for ATM cells and channel 129 for layer 1
>> > indications like "G.708 synced" which are shown as frames.
> 
> The ISDN dissector doesn't know anything about either of those.  Neither 
> of those are ISDN (B-ISDN maybe, but not classic ISDN), so it's not 
> clear that they *should* know about them.

As far as I know Wireshark does not handle layer 1 events? What we do
right now is we print messages like "G.704 SYNC", "G.804 SYNC" etc.
into fake frames and see the messages in the hexdumps of these frames.
Not something that could be considered ideal, but it solves the problem
for us. Since the headers of these frames do not match the ISDN protocol
IDs, they are not decoded any further. Same applies to ATM.
Please tell me if there is a better way to do this.

> 
> Should the eyesdn Wiretap module return a link-layer type of 
> WTAP_ENCAP_PER_PACKET for eyesdn files, and supply link-layer types of 
> WTAP_ENCAP_ISDN for channels 0 through 30, WTAP_ENCAP_ATM with a 
> pseudo-header indicating that the frame is an ATM cell for channel 128, 
> and something appropriate (which might have to be added) for channel 129?

Actually, that sounds like a really nice idea. Can you please point me
to another wiretap module that does per packet encap. and I will change
the EyeSDN wiretap module accordingly.

When we add an ENCAP type for the layer 1 events, I assume one also
needs to add a dissector for that? A simple dissector could just print
the ASCII frame contents into the decode column. Or has something
similar already been implemented?

Thanks for your feedback and the good idea!
Rolf