Wireshark-dev: Re: [Wireshark-dev] pcap-ng support
From: "Gianluca Varenni" <[email protected]>
Date: Mon, 21 Jan 2008 23:54:57 -0800

For sure.
There's no problem in allocating a new link type code for BT. If I remember well, libpcap actually already defines a linktype for BT (i would need to check). The important thing is defining the frame format used with such link type.
Have a nice day
----- Original Message -----
From: Tyson Key
Sent: Monday, January 21, 2008 11:30 PM
Subject: Re: [Wireshark-dev] pcap-ng support

Hi, sorry to hijack the thread, but does anyone know if there will be a link type code available for Bluetooth in pcap-ng?

Thanks, Tyson.

On Jan 18, 2008 7:01 AM, Ulf Lamping < [email protected]> wrote:
Gianluca Varenni schrieb:
> FYI today I tried opening a pcap-ng file with wireshark rev 24118, and
> it sort of worked.
> What works:
> - the first file I opened was a 50+MB file generated with NTAR. Real
> ethernet packets coming from a custom board. Wireshark opened the
> trace without any problem, and the decoded packets made perfectly
> sense. YAY!
> What doesn't work:
> - timestamps are wrong. There are two problems here:
>  1. the IDB option for the timestamp precision is not decoded, and I
> was generating timestamps with nanosecond precision.
No wonder, the corresponding line in the code says: /* XXX - convert
timestamps into nsecs */ ;-)
>  2. timestamps are not in the libpcap fashion (seconds and
> microseconds, or seconds and nanoseconds). It's a single 64bit
> quantity that is split into high and low 32bits.
The timestamps currently won't work, but shouldn't be too hard to fix.

I'll have a look ...

Regards, ULFL

P.S: The FCS is also not decoded, Wireshark will internally always
handle pcapng as: "don't know if FCS is there"
Wireshark-dev mailing list
[email protected]

Fight Internet Censorship! http://www.eff.org
Open-Source Community, and Technology Testbed: http://www.house404.co.uk/

Wireshark-dev mailing list
[email protected]