On May 22, 2009, at 1:27 PM, Tyson Key wrote:
> Hi.
> Out of interest, are there supposed to be issues with Ethernet Pcap-
> NG files/packets appended to other Pcap-NG files generated with
> Wireshark 1.0.7 having an unrecognised link type in later (SVN)
> versions of Wireshark? At the same time, it seems that 1.0.7 has
> issues reading packets in Pcap-NG files from later versions (i.e.
> it'll try to recognise a few frames, and if the link type is
> Ethernet, show them in the packet pane, but it'll complain about a
> decompression error when trying to view them, or it'll just show one
> packet with an unknown link type (usally 0 or 113 here), depending
> on how packets were combined).
>
> I've attached some samples for reference.
>
> Thanks,
> Tyson.
>
> On Fri, May 22, 2009 at 6:35 AM, Ulf Lamping <
ulf.lamping@xxxxxx>
> wrote:
> Aaron Turner schrieb:
> > On Thu, May 21, 2009 at 12:20 PM, Michael Tüxen
> > <
Michael.Tuexen@xxxxxxxxxxxxxxxxx> wrote:
> >> On May 21, 2009, at 9:15 PM, Aaron Turner wrote:
> >>
> >>> On Thu, May 21, 2009 at 11:55 AM, Michael Tüxen
> >>> <
Michael.Tuexen@xxxxxxxxxxxxxxxxx> wrote:
> >>>> Hi Aaron,
> >>>>
> >>>> can you check also with the latest svn version?
> >>> This was trunk-1.0 r28436. Are you working in trunk (wireshark
> >>> 1.1.x)?
> >> Yes, I'm working in 1.1.x...
> >
> >
> > I just looked at the lastest trunk, and it too hard codes only
> > ethernet as supported:
> >
> > from wiretap/pcapng.c pcapng_dump_can_write_encap():
> >
> > /* XXX - for now we only support Ethernet */
> > if (encap != WTAP_ENCAP_ETHERNET)
> > return WTAP_ERR_UNSUPPORTED_ENCAP;
> >
>
> Hi!
>
> This comment is from the time when I started to experimentally
> implement
> pcapng.
>
> This was only a rough prototype at that time and as I'm personally
> only
> using Ethernet, I've only implemented the absolutely necessary stuff.
>
> It's very long ago so I can't remember if there are any further
> problems
> with anything else then Ethernet.
>
> Seems that you're the first one trying to use it in this way ...
>
> Regards, ULFL
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <
wireshark-dev@xxxxxxxxxxxxx>
> Archives:
http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe:
https://wireshark.org/mailman/options/wireshark-dev
> mailto:
wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>
> --
> Fight Internet Censorship!
http://www.eff.org
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
http://i9.house404.co.uk/ | Twitter/FriendFeed/Skype: vmlemon |
> +447549728105
> <
