Wireshark-dev: [Wireshark-dev] X.25, LAPB, PLP Decoding
Date: Mon, 18 Jun 2007 10:46:02 -0400


I’ve been making Protocol Analyzer based on Sangoma S5142A synch serial card and WireShark. Capturing of X.25 LAPB and PLP layers is done by Sangoma card/driver. Storing into file is done by socket based code. File format is libpcap file format.


I’ve seen that WireShark  ( wtap)  has decoder for LAPB and PLP layers of the original X.25.


Problem is that libpcap “DLT_    “ definitions doesn’t have value for LAPB link layer. So, when I opened captured file by WireShark, I can see only raw data.


I think that I should define proprietary “DLT_LAPB” value and do whatever necessary steps in wtap (WireShark) in order to recognize my DLT_LAPB type form libpcap file header. After that I should be able to see LAPB frames and PLP packets in the WireShark.


Is above story about new DLT_LAPB and wtap extension is correct?





Mirko Karanovic.

Toronto Transit Comission

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review retransmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient or delegate is strictly prohibited. If you received this in error please contact the sender and delete the material from any computer. The integrity and security of this message cannot by guaranteed on the Internet. The Sender accepts no liability for the content of this e-mail or for the consequences of any actions taken on basis of the information provided. The recipient should check this e-mail and any attachments for the presence of viruses. The sender accepts no liability for any damage caused by any virus transmitted by this e-mail. This disclaimer is the property of the TTC and must not be altered or circumvented in any manner.