>> Unfortunately there is no document online, but the structure is quite
>simple, it's just a 32-bit value containing some bit fields:
>
>So a packet has a 32-bit value, followed by the Ethernet header,
starting >with the destination MAC address?
In order to have a nice Hex-Display, starting with the destination MAC
address, we would like to put it *after* the Ethernet packet data.
The pcap packet would look as follows:
pcaprec_hdr_t:
ts_sec
ts_usec
incl_len
orig_len
packet_data:
dst_mac
src_mac
len_type
fcs
NETANA_HEADER_T
.... next packet
>> uiGpio:
>> 0: comes for Ethernet port
>> 1: comes for GPIO port
>
>So if uiGpio is set, is what follows an Ethernet packet, or something
else?
There will follow an Ethernet packet with a special destination/source
MAC address from our company's MAC address range.
(An appropriate heuristic dissector is already included in Wireshark
under epan/dissectors/packet_hilscher.c
If we have the new Link-layer type we would be able to remove the
heuristic dissector and decode this special frame via this bit in
NETANA_HEADER_T.)
>> uiTransparent:
>> 0: normal Ethernet mode
>> 1: transparent capture mode
>
>Is there any difference between the packets in those two modes?
Yes, this will include the preamble/SFD as supplied by the Ethernet-PHY.
This is used as low-level analysis expert mode.
pcaprec_hdr_t:
ts_sec
ts_usec
incl_len
orig_len
packet_data:
preamble
SFD
dst_mac
src_mac
len_type
fcs
NETANA_HEADER_T
>> uiLength:
>> real frame length in bytes
>
>How does that differ from the pcap length field?
It's there for historical reasons and provides the length of the
captured data, it would be the same as the pcap length field.
Holger
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Hilscher Gesellschaft für Systemautomation mbH
Rheinstr. 15, 65795 Hattersheim
Sitz der Gesellschaft: Hattersheim
Geschäftsführer: Hans-Jürgen Hilscher
Registergericht: Amtsgericht Frankfurt/Main
Handelsregister: Frankfurt B 26873
www.hilscher.com
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
