Re: DLT_DBUS

[Martin Vidner <martin () vidner net>]

Guy Harris wrote:
> On Oct 31, 2010, at 12:29 AM, Martin Vidner wrote:
> > please allocate a new network type for libpcap dump files, as
> > described in
> > http://wiki.wireshark.org/Development/LibpcapFileFormat#Global_Header
> > .
> > It is for dumping traffic on D-Bus,
> > http://en.wikipedia.org/wiki/D-Bus
> > , and the packets would contain raw D-Bus messages:
> > http://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-messages
>
> I.e., starting with the endianness flag, followed by the message
> type, etc.?

Yes. That also means that the authentication handshake before the
message sequence is excluded.
http://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol

(sorry for the delay, I forgot to subscribe and missed the reply)

Martin Vidner
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.