Wireshark-users: Re: [Wireshark-users] OpenBSD enc0 capture from tcpdump fails to decode
From: Guy Harris <[email protected]>
Date: Fri, 25 Sep 2009 15:02:33 -0700
On Sep 25, 2009, at 1:32 PM, Brad Guillory wrote:

> So unless we are on an OpenBSD machine we will never have DLT_ENC ==
> 13.

Yes.  (I'm the person who put that stuff into pcap/bpf.h.)

> I also don't see code that would allow for DLT_ATM_RFC1483 to be
> set to 13.

Not having access to any BSD/OS systems, I didn't do anything for it -
I probably should have, but as BSD/OS was discontinued a few years  
ago, I probably won't bother unless some BSD/OS user complains on  
tcpdump-workers or the libpcap SourceForge bug database.

> I am recompiling now to make sure that it will fix my problem; but I
> can't see why it wouldn't.

It appears to have fixed the problem - I was able to read the file on
my Mac - and also let me clean up some special hacks to deal with a  
link-layer type of 13 on captures from some device running Nokia's  
IPSO (FreeBSD-based) OS.  (The hacks are still necessary - thanks a  
lot, Ipsilon/Nokia, for not picking a different magic number for your  
non-standard libpcap format - but at least they're simpler.)

I've checked that change into the main branch.  We might want to put
it into Wireshark 1.2.3 (and, if we release one, 1.0.10).
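
The following is an added example, not part of the original message and not Wireshark or libpcap code: a reader for the 24-byte pcap file header that extracts the link-layer type in either byte order and flags the value 13 discussed in this thread as platform-dependent. The function names and the sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PCAP_MAGIC         0xa1b2c3d4u  /* written in the capturing host's byte order */
#define PCAP_MAGIC_SWAPPED 0xd4c3b2a1u  /* what a reader of the opposite byte order sees */
#define AMBIGUOUS_TYPE_13  13           /* the link-layer type value this thread is about */

static uint32_t swap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Return the link-layer type stored in a pcap file header, or -1 if the
 * buffer is too short or does not start with the standard magic number. */
long pcap_linktype(const unsigned char *buf, size_t len) {
    uint32_t magic, network;
    if (len < 24) return -1;
    memcpy(&magic, buf, 4);          /* offset 0: magic number */
    memcpy(&network, buf + 20, 4);   /* offset 20: link-layer type */
    if (magic == PCAP_MAGIC) return (long)network;
    if (magic == PCAP_MAGIC_SWAPPED) return (long)swap32(network);
    return -1;
}

/* 13 is DLT_ENC only on OpenBSD, is used for DLT_ATM_RFC1483 on BSD/OS, and
 * also appears in Nokia IPSO captures, so the file alone cannot say which. */
int linktype_is_ambiguous(long linktype) {
    return linktype == AMBIGUOUS_TYPE_13;
}

/* Build a constructed sample header (version 2.4, snaplen 65535). */
void sample_header(unsigned char out[24], uint32_t linktype, int swapped) {
    uint32_t magic = PCAP_MAGIC, snaplen = 65535;
    uint16_t major = 2, minor = 4;
    if (swapped) { magic = swap32(magic); linktype = swap32(linktype); }
    memset(out, 0, 24);              /* thiszone and sigfigs stay zero */
    memcpy(out, &magic, 4);
    memcpy(out + 4, &major, 2);      /* version fields are not parsed here */
    memcpy(out + 6, &minor, 2);
    memcpy(out + 16, &snaplen, 4);
    memcpy(out + 20, &linktype, 4);
}

int main(void) {
    unsigned char hdr[24];
    sample_header(hdr, 13, 0);       /* constructed: header carrying type 13 */
    long lt = pcap_linktype(hdr, sizeof hdr);
    printf("link type %ld%s\n", lt,
           linktype_is_ambiguous(lt) ? " (meaning depends on capturing platform)" : "");
    return 0;
}
```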