Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Add checksum validation option for MTP2

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Fri, 02 Feb 2007 09:27:50 +0800


Florent.Drouin@xxxxxxxxxxxxxxxxx wrote:
This patch add an option to validate the MTP2 Frame Check Sequence.
You can activate this option if you are using a capture device on PCM
links, and if you want to identify malformed Packet, or noise.
If you are reading rf5 files,   you must not activate the checksum
validation, as the FCS are not present at the end of the record.
This patch is based on the decode_fcs function of packet_ppp.c.

Hmmm, this patch means that the MTP2 dissector accepts 2 formats of MTP2 data in WTAP_ENCAP_MTP2/WTAP_ENCAP_MTP2_WITH_PHDR (PCAP DLT 140/139): with and without the 2-byte FCS ahead of the sequence numbers.

Normally (AFAIK) such overloading of the file format is frowned upon. A cleaner solution would be to assign Yet Another DLT value to MTP2, this time with the FCS header. (And maybe also with the "MTP2 pseudo header" from WTAP_ENCAP_MTP2_WITH_PHDR/DLT value 139 so as to have one MTP2 format that contains all the possible options?)

Would you be willing to request a new DLT (from tcpdump.org) and then update wiretap and the MTP2 dissector to support that?

Or, if this is only for use with your ERF type 5 patch (e.g., you don't plan to store MTP2-with-FCS in PCAP files) then another solution would be to only add another WTAP_ENCAP value, one that is only used by the ERF type 5 stuff.