Re: [tcpdump-workers] Request for new DLT and LINKTYPE value

2010-04-15 Thread Michael Richardson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > "Thomas" == Thomas Edgar writes: Thomas> With the timing method I am using I was going for a method Thomas> to capture anything from a COM port and then allow the Thomas> parsing mechanism (like the heuristic dissectors in Thoma

Re: [tcpdump-workers] [PATCH] libpcap: Add datalink-type to match

2010-04-15 Thread Luca Bruno
Guy Harris scrisse: > From what you said there, it sounds as if Linux doesn't, in this > case, engage in the link-layer-header-mangling it all too often does, > and just hands a perfectly ordinary 802.15.4 header followed > immediately by the payload to the socket, so it sounds as if > DLT_IEEE802

Re: [tcpdump-workers] [PATCH] libpcap: Add datalink-type to match

2010-04-15 Thread Guy Harris
On Apr 15, 2010, at 12:48 PM, Luca Bruno wrote: > Yes, I'm using this at work and the patch aimed primarily at easing my > job inspecting (with wireshark) the traffic we're collecting. > I just stuck an explicit comment to the patch to let anyone aware of it, > if they need to handle non-standard

Re: [tcpdump-workers] [PATCH] libpcap: Add datalink-type to match

2010-04-15 Thread Luca Bruno
Guy Harris scrisse: > > There are currently three different types for it, but > > DLT_IEEE802_15_4 is the safest standard choice. > > The "safest standard choice" for the interpretation of > ARPHRD_IEEE802154 is whatever format you get for packets from a > device with that ARPHRD_ value. Yes, I'

Re: [tcpdump-workers] [PATCH] libpcap: Add datalink-type to match IEEE 802.15.4 ARP hardware type

2010-04-15 Thread Guy Harris
On Apr 8, 2010, at 1:25 PM, Luca Bruno wrote: > Since Linux 2.6.30, IEEE 802.15.4 interfaces got assigned a proper > ARP hardware type (ARPHRD_IEEE802154 - 804). > This patch introduces the relevant code to match it with its own > DLT type. > There are currently three different types for it, but

Re: [tcpdump-workers] Request for new DLT and LINKTYPE value

2010-04-15 Thread Guy Harris
On Apr 15, 2010, at 9:59 AM, Edgar, Thomas wrote: > After looking at how the pcap_set_datalink process works I think I have > decided to keep my timing method as the default COM interface datalink type. > But I will create it with the capability of setting the datalink type so that > you can

Re: [tcpdump-workers] Request for new DLT and LINKTYPE value

2010-04-15 Thread Edgar, Thomas
On Apr 13, 2010, at 3:30 PM, Guy Harris wrote: >I think heuristics are what you use when you can't use anything else; if >they're too strong, they will fail to identify things that they should (and >people will complain about it), and if they're too weak, they will identify >things that they sh

Re: [tcpdump-workers] [Off-Topic] Announcing "Ostinato" - packet generator and analyzer

2010-04-15 Thread Srivats P
Hi, Can you please add "Ostinato" to the "Related Projects" page? Regards, Srivats On Wed, Apr 14, 2010 at 11:51 AM, Srivats P wrote: > Ostinato > > > Ostinato is an open source, cross platform packet/traffic generator > and analyzer with a friendly GUI. > > A