Wireshark-users: Re: [Wireshark-users] OpenBSD enc0 capture from tcpdump failes to decode
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 25 Sep 2009 15:02:33 -0700

On Sep 25, 2009, at 1:32 PM, Brad Guillory wrote:

So unless we are on an OpenBSD machine we will never have DLT_ENC ==

Yes.  (I'm the person who put that stuff into pcap/bpf.h.)

I also don't see code that would allow for DLT_ATM_RFC1483 to be
set to 13.

Not having access to any BSD/OS systems, I didn't do anything for it - I probably should have, but as BSD/OS was discontinued a few years ago, I probably won't bother unless some BSD/OS user complains on tcpdump-workers or the libpcap SourceForge bug database.

I am recompiling now to make sure that it will fix my problem; but I
can't see why it wouldn't.

It appears to have fixed the problem - I was able to read the file on my Mac - and also let me clean up some special hacks to deal with a link-layer type of 13 on captures from some device running Nokia's IPSO (FreeBSD-based) OS. (The hacks are still necessary - thanks a lot, Ipsilon/Nokia, for not picking a different magic number for your non-standard libpcap format - but at least they're simpler.)

I've checked that change into the main branch. We might want to put it into Wireshark 1.2.3 (and, if we release one, 1.0.10).