Wireshark-dev: Re: [Wireshark-dev] New network interface card integration

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 15 Dec 2010 10:22:29 -0800
On Dec 15, 2010, at 8:09 AM, kristian.martens@xxxxxxxxxx wrote:

> I have libpcap and it works OK (interface is visible in Wireshark,

I assume this is the card you'd asked about earlier in "LTE over AAL2"?

> can be this card are only shown as hex data. To not spend extra dissector efforts the idea was to set DLT_ERF as link type.

I assume also that you've modified libpcap to handle that card, and to use DLT_ERF as its link-layer type.

If so, you'd need to put ERF headers before the packet data; do you have the ERF documentation from Endace?  If not, I have a copy I can send you.  (Note to Endace: put the document back up, in an obvious place; as ERF format and DLT_ERF format can be read by open-source tools, don't keep it secret.)

> Could somebody explain which steps are needed to jump to the right dissector to see e.g. decoded SSCOP data?

From your earlier mail, the card is delivering reassembled ATM packets, so the first step would be to choose TYPE_AAL2 (18) as the type field in the DLT_ERF header for those packets.

The next step would be to extend the ATM dissector to have additional options for the packet type of AAL2 traffic; currently the only types offered are "raw data" and "UMTS FP".  If you're getting multiple types of traffic on different channels, that would require more work to support setting the traffic type for specific channels.
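
Added example, not part of the original message or of libpcap/Wireshark code: a sketch of prepending an ERF record header with type TYPE_AAL2 (18) to a reassembled packet before handing it up as DLT_ERF. The helper name `erf_wrap_aal2`, the 16-byte common header layout (little-endian 64-bit timestamp, then type, flags, and big-endian rlen, loss counter and wlen) and the caller-supplied type-specific sub-header and `wlen` are assumptions to check against the Endace ERF documentation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ERF_HDR_LEN   16u  /* common ERF record header (assumed layout) */
#define ERF_TYPE_AAL2 18u  /* TYPE_AAL2, the value given in the message */

static void put_be16(uint8_t *p, size_t v)
{
    p[0] = (uint8_t)(v >> 8);
    p[1] = (uint8_t)(v & 0xff);
}

/* Hypothetical helper: writes one ERF record into out and returns its
 * length, or 0 if the arguments are invalid or the record does not fit. */
size_t erf_wrap_aal2(uint8_t *out, size_t cap, uint32_t sec, uint32_t frac,
                     uint8_t iface, uint16_t wlen,
                     const uint8_t *sub, size_t sub_len,
                     const uint8_t *data, size_t data_len)
{
    if (!out || !sub || !data || iface > 3)
        return 0;
    /* rlen is a 16-bit field: reject anything that would wrap it. */
    if (sub_len > 0xffffu - ERF_HDR_LEN ||
        data_len > 0xffffu - ERF_HDR_LEN - sub_len)
        return 0;
    size_t rlen = ERF_HDR_LEN + sub_len + data_len;
    if (rlen > cap)
        return 0;

    /* 64-bit little-endian timestamp: fraction low, seconds high. */
    for (int i = 0; i < 4; i++) {
        out[i]     = (uint8_t)(frac >> (8 * i));
        out[4 + i] = (uint8_t)(sec >> (8 * i));
    }
    out[8] = ERF_TYPE_AAL2;      /* record type */
    out[9] = iface;              /* flags: low two bits = capture interface */
    put_be16(out + 10, rlen);    /* rlen: whole record, header included */
    put_be16(out + 12, 0);       /* loss counter */
    put_be16(out + 14, wlen);    /* wire length, supplied by the driver */
    memcpy(out + ERF_HDR_LEN, sub, sub_len);
    memcpy(out + ERF_HDR_LEN + sub_len, data, data_len);
    return rlen;
}
```

The length checks matter because rlen is only 16 bits wide: a record whose header, sub-header and payload exceed 65535 bytes would otherwise be written with a wrapped length that a reader would then trust.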