tcpdump mailing list archives
request for LINKTYPE_
From: Jeff Morriss <jeff.morriss () ulticom com>
Date: Tue, 09 Sep 2003 09:41:04 -0400
[Resending this now that I'm actually subscribed to the list...] Hi list, We've had some discussion over on ethereal-dev about a "fake link" or "raw SS7" dissector that allows dumping an arbitrary protocol into a file without any (otherwise necessary) lower level protocols. The common example has been dumping MTP3 into a file without, well, MTP2 or M2PA. Here is the original post thread: http://ethereal.com/lists/ethereal-dev/200306/threads.html#00200 July's thread on the subject: http://ethereal.com/lists/ethereal-dev/200307/threads.html#00124 August's thread: http://ethereal.com/lists/ethereal-dev/200308/threads.html#00193 and one of the last messages--which is why I'm mailing you today: http://ethereal.com/lists/ethereal-dev/200308/msg00193.html Based on the message in the last URL, I'd like to request a new LINKTYPE_: LINKTYPE_RAWSS7. This file type will contain a header: typedef struct _rawss7_hdr { /* NOTE: These are in network-byte order. */ guint16 type; guint16 length; } rawss7_hdr; followed by protocol data for whatever protocol 'type' indicates. E.g.: /* The list of protocols understood by the rawss7 dissector. * When adding a protocol here, be sure to add a value_string entry for * the protocol in "packet-rawss7.c" */ #define RAWSS7_MTP2 0x0001 #define RAWSS7_MTP3 0x0002 #define RAWSS7_SCCP 0x0003 There was some discussion about these protocol values being allocated by tcpdump-workers as well. In fact it would be handy to have one place to allocate such numbers, so what do you think about allocating 3 more (for now) LINKTYPE_'s: LINKTYPE_RAWSS7_MTP2 LINKTYPE_RAWSS7_MTP3 LINKTYPE_RAWSS7_SCCP? If not, just the LINKTYPE_RAWSS7 will be fine (Ethereal can maintain the RAWSS7 types).
Regards, -Jeff ps. The reason we want to use the PCAP file format here is because it'swell defined and there isn't another (popular) file format for capturing SS7 messages that we can reverse engineer. Rather than creating a new file format, it's a lot easier to just allocate a LINKTYPE_.
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- request for LINKTYPE_ Jeff Morriss (Sep 09)
- Re: request for LINKTYPE_ Michael Richardson (Sep 09)
- Re: request for LINKTYPE_ Jeff Morriss (Sep 10)
- Re: request for LINKTYPE_ Michael Richardson (Sep 10)
- Re: request for LINKTYPE_ Jeff Morriss (Sep 10)
- Re: request for LINKTYPE_ Michael Richardson (Sep 09)