Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] How to make libpcap/wiretap understand proprietry/standard l

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Gaurav1 Jain <gaurav1.jain@xxxxxx>
Date: Fri, 19 Sep 2008 09:01:21 +0530
Hello,

We are using an A104 Sangoma card to tap an E1 and for an E1, this card provides IP interface (as configured). Data on E1 gets transferred to IP interface say Wireshark without even a single bit getting changed. Now this data is either a typical LAPD (HDLC format) or a proprietary Transparent frame (which carries in general TDM type of traffic).

So you can say there is no ICMP/UDP/TCP/SCTP/IP kind of DLT attached to traces.


Regards,
Gaurav

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Thursday, September 18, 2008 10:35 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How to make libpcap/wiretap understand proprietry/standard link-layers


On Sep 18, 2008, at 3:08 AM, Gaurav1 Jain wrote:

> I want to understand how libpcap identifies a particular data link
> layer?

As indicated, this is more of a tcpdump-workers@xxxxxxxxxxx question,
as it's a libpcap question.

> Currently we are tapping IP interfaces using WireShark where there
> could be either HDLC or Transparent traffic without IP header
> attached to it.

"Without IP header attached to it"?  Do you mean that there's no data
link layer header *or* IP header, so that the packet begins with an
ICMP/UDP/TCP/SCTP/etc. header?  Or do you mean that there's no data
link layer header but there *is* an IP header, so the packet begins
with an IP header?


I assume, from your other mail, that this is on Linux.

Are those "interfaces" regular network interfaces (so that libpcap
captures on them the same way it captures on, for example, Ethernet or
802.11 interfaces), or have you added a new interface type to libpcap?
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev
The information contained in this e-mail is private & confidential and may also be legally privileged. If you are not the intended recipient, please notify us, preferably by e-mail, and do not read, copy or disclose the contents of this message to anyone.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube