tcpdump mailing list archives
Re: [libpcap] Add Android, kmsg and text DLT vales (#28)
From: Michael Richardson <mcr () sandelman ca>
Date: Fri, 12 Apr 2013 09:37:37 -0400
{please use the mailing list}
"MichalLabedzki" == MichalLabedzki <notifications () github com> writes:
MichalLabedzki> 1. Android - Android has binary logs known as
MichalLabedzki> Logger/Logcat (adb logcat -Bf file.logcat). One
MichalLabedzki> packet is one log, timestamps are also
MichalLabedzki> available. This seems to be similar to the currently
MichalLabedzki> existing DBus support in libpcap. Please see example
MichalLabedzki> Wireshark implementation:
MichalLabedzki> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8279

As an Android hacker, I'm not sure that I see the value in a pcap format
of this. The contents of these logs are generally unstructured, vs dbus
messages which have a definite structure to them.

MichalLabedzki> 2. Linux kernel messages (/dev/kmsg or /proc/kmsg,
MichalLabedzki> available tool: dmesg) - captures of kernel messages
MichalLabedzki> could be interesting from the bug analysis side (together
MichalLabedzki> with protocol payload). I am working on implementing
MichalLabedzki> this for libpcap and Wireshark. See
MichalLabedzki> https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/Documentation/ABI/testing/dev-kmsg

Again, I these are generally unstructured output.

MichalLabedzki> 3. Text - (text-file) also see
MichalLabedzki> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8279 for example Wireshark implementation
MichalLabedzki> One line can be treated as a Wireshark packet - it could
MichalLabedzki> be useful for code review, because you can add
MichalLabedzki> a comment on whichever line you like. Also can be used for
MichalLabedzki> text-based interfaces like console/tty.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr () sandelman ca http://www.sandelman.ca/ | ruby on rails [
