tcpdump mailing list archives
Re: [AiG-CERT #104737] DLT value
From: Guy Harris via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Tue, 2 Jun 2020 00:43:51 -0700
--- Begin Message ---
From: Guy Harris <gharris () sonic net>
Date: Tue, 2 Jun 2020 00:43:51 -0700
On Jun 2, 2020, at 12:22 AM, Airbus CERT via tcpdump-workers <tcpdump-workers () lists tcpdump org> wrote:

> Yes, exactly: each packet is an event. The layout of the event is https://docs.microsoft.com/en-us/windows/win32/api/evntcons/ns-evntcons-event_header and https://docs.microsoft.com/en-us/windows/win32/api/evntcons/ns-evntcons-event_header_extended_data_item. But we aligned this format with the ETL (the serialization used by Microsoft), which is not well documented.

Is it documented at all?

The description of a given LINKTYPE_/DLT_ value on https://www.tcpdump.org/linktypes.html and the pages linked to by that description must be sufficient to allow somebody to write code to, at minimum, parse the link-layer headers, without ever looking at Wireshark or tcpdump code.
--- End Message ---
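Added example, not part of the thread or of tcpdump: a parser for the EVENT_HEADER structure written only from the Microsoft documentation linked in the quoted message, i.e. the "parse the header from the spec alone" exercise a LINKTYPE description has to make possible. It assumes the documented little-endian, unpadded 80-byte layout and a constructed sample record; the ETL serialization the thread says is undocumented is not covered.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

# EVENT_HEADER per the linked docs: Size, HeaderType, Flags, EventProperty
# (USHORT each), ThreadId, ProcessId (ULONG), TimeStamp (LARGE_INTEGER),
# ProviderId (GUID), EVENT_DESCRIPTOR {Id, Version, Channel, Level, Opcode,
# Task, Keyword}, KernelTime/UserTime (ULONG each), ActivityId (GUID).
_HDR = struct.Struct("<HHHHIIq16sHBBBBHQII16s")
EVENT_HEADER_SIZE = _HDR.size  # 80 bytes, no padding with "<"

_EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def _filetime_to_datetime(ts):
    # TimeStamp uses the FILETIME convention: 100 ns units since 1601-01-01 UTC.
    return _EPOCH_1601 + timedelta(microseconds=ts // 10)


def parse_event_header(buf):
    """Parse one EVENT_HEADER at the start of buf; reject truncated input."""
    if len(buf) < EVENT_HEADER_SIZE:
        raise ValueError("truncated: need %d bytes, got %d" % (EVENT_HEADER_SIZE, len(buf)))
    (size, htype, flags, prop, tid, pid, ts, provider, ev_id, ver, chan,
     level, opcode, task, keyword, ktime, utime, activity) = _HDR.unpack_from(buf)
    if size < EVENT_HEADER_SIZE:
        raise ValueError("Size field %d does not cover the fixed header" % size)
    return {
        "size": size, "header_type": htype, "flags": flags, "event_property": prop,
        "thread_id": tid, "process_id": pid, "timestamp": _filetime_to_datetime(ts),
        "provider_id": str(uuid.UUID(bytes_le=provider)),  # GUIDs are mixed-endian
        "event_id": ev_id, "version": ver, "channel": chan, "level": level,
        "opcode": opcode, "task": task, "keyword": keyword,
        "kernel_time": ktime, "user_time": utime,
        "activity_id": str(uuid.UUID(bytes_le=activity)),
        "rest": buf[EVENT_HEADER_SIZE:],  # extended data items / user data follow
    }


def build_sample():
    """Constructed sample record: header for 2020-06-02T00:00:00Z plus 4 payload bytes."""
    ts = 132355296000000000  # (11644473600 + 1591056000) seconds * 10^7
    provider = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed
    activity = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")  # constructed
    hdr = _HDR.pack(84, 0, 0, 0, 1234, 4321, ts, provider.bytes_le,
                    1, 0, 16, 4, 1, 1, 0x8000000000000000, 10, 20, activity.bytes_le)
    return hdr + b"\xde\xad\xbe\xef"
```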