tcpdump mailing list archives

Re: Request for new Link-layer header type

From: <HPfrommer () hilscher com>
Date: Fri, 2 Sep 2011 09:53:44 +0200

Unfortunately there is no document online, but the structure is quite

simple, it's just a 32-bit value containing some bit fields:

So a packet has a 32-bit value, followed by the Ethernet header,

starting >with the destination MAC address?

In order to have a nice Hex-Display, starting with the destination MAC
address, we would like to put it *after* the Ethernet packet data.
The pcap packet would look as follows:

pcaprec_hdr_t:
    ts_sec
    ts_usec
    incl_len
    orig_len
packet_data:
    dst_mac
    src_mac
    len_type
    fcs
  NETANA_HEADER_T
.... next packet

uiGpio:
0: comes for Ethernet port
1: comes for GPIO port


So if uiGpio is set, is what follows an Ethernet packet, or something

else?

There will follow an Ethernet packet with a special destination/source
MAC address from our company's MAC address range.
(An appropriate heuristic dissector is already included in Wireshark
under epan/dissectors/packet_hilscher.c
If we have the new Link-layer type we would be able to remove the
heuristic dissector and decode this special frame via this bit in
NETANA_HEADER_T.)

uiTransparent:
0: normal Ethernet mode
1: transparent capture mode


Is there any difference between the packets in those two modes?


Yes, this will include the preamble/SFD as supplied by the Ethernet-PHY.
This is used as low-level analysis expert mode.

pcaprec_hdr_t:
    ts_sec
    ts_usec
    incl_len
    orig_len
packet_data:
    preamble
    SFD
    dst_mac
    src_mac
    len_type
    fcs
  NETANA_HEADER_T

uiLength:
real frame length in bytes


How does that differ from the pcap length field?


It's there for historical reasons and provides the length of the
captured data, it would be the same as the pcap length field.


Holger


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


Hilscher Gesellschaft für Systemautomation mbH
Rheinstr. 15, 65795 Hattersheim
Sitz der Gesellschaft: Hattersheim
Geschäftsführer: Hans-Jürgen Hilscher
Registergericht: Amtsgericht Frankfurt/Main
Handelsregister: Frankfurt B 26873
www.hilscher.com

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

Request for new Link-layer header type HPfrommer (Aug 30)
- Re: Request for new Link-layer header type Guy Harris (Aug 30)
  - Re: Request for new Link-layer header type HPfrommer (Aug 31)
    - Re: Request for new Link-layer header type Guy Harris (Sep 01)
    - Re: Request for new Link-layer header type HPfrommer (Sep 05)
    - Re: Request for new Link-layer header type Guy Harris (Sep 05)
    - Re: Request for new Link-layer header type HPfrommer (Sep 05)
    - Re: Request for new Link-layer header type Guy Harris (Sep 06)
    - Re: Request for new Link-layer header type Guy Harris (Sep 06)
    - Re: Request for new Link-layer header type HPfrommer (Sep 06)
    - Re: Request for new Link-layer header type Guy Harris (Sep 13)
    - Re: Request for new Link-layer header type HPfrommer (Sep 14)
    - Re: Request for new Link-layer header type Guy Harris (Sep 14)
    - Re: Request for new Link-layer header type HPfrommer (Sep 14)
    - Re: Request for new Link-layer header type Guy Harris (Sep 15)

(Thread continues...)