tcpdump mailing list archives

Re: Request for new LINKTYPE_* code LINKTYPE_AUERSWALD_LOG


From: Guy Harris via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Thu, 4 Feb 2021 04:36:39 -0800

--- Begin Message ---
From: Guy Harris <gharris () sonic net>
Date: Thu, 4 Feb 2021 04:36:39 -0800

On Feb 4, 2021, at 3:41 AM, developer--- via tcpdump-workers <tcpdump-workers () lists tcpdump org> wrote:

We currently use this code in our Lua dissector to display (decoded) SIP messages.

-- offsets will change with the new LINKTYPE
   if (buf(148,2):uint() == MSG_TYPE_SIP) then
       sadd("src_ip",0,16)
       sadd("src_port",16,2,"uint")
       sadd("dst_ip", 18,16)
       sadd("dst_port",34,2,"uint")
       Dissector.get("sip"):call(buf(msg_start, msg_len):tvb(), pinfo, subtree)
       return
   end

In other words, the format of packets is:

        IPv6 source address - 16 octets
        source port - 2 octets
        IPv6 destination address - 16 octets
        destination port - 16 octets
        SIP packet

--- End Message ---
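
Added example, not part of the original message or of the dissector it quotes: a bounds-checked Python parser for the address block, following the offsets in the quoted sadd() calls (destination port read as 2 octets at offset 34, ports big-endian as with Lua's uint()). The function names, the sample record, and where the SIP text starts in that sample are assumptions.

```python
import ipaddress
import struct
from typing import NamedTuple

# Layout from the sadd() calls in the quoted Lua: src_ip at 0 (16 octets),
# src_port at 16 (2), dst_ip at 18 (16), dst_port at 34 (2).
# "!" = network byte order, no padding; Lua's uint() is big-endian too.
ADDR_BLOCK = struct.Struct("!16sH16sH")


class Endpoints(NamedTuple):
    src_ip: ipaddress.IPv6Address
    src_port: int
    dst_ip: ipaddress.IPv6Address
    dst_port: int


def parse_endpoints(record: bytes) -> Endpoints:
    """Decode the 36-octet address block at the start of a record."""
    if len(record) < ADDR_BLOCK.size:
        raise ValueError(f"record too short: {len(record)} < {ADDR_BLOCK.size}")
    src, sport, dst, dport = ADDR_BLOCK.unpack_from(record, 0)
    return Endpoints(ipaddress.IPv6Address(src), sport,
                     ipaddress.IPv6Address(dst), dport)


def message_bytes(record: bytes, msg_start: int, msg_len: int) -> bytes:
    """Bounds-checked counterpart of buf(msg_start, msg_len) in the Lua code."""
    # Python slices truncate silently, so reject bad ranges explicitly.
    if msg_start < ADDR_BLOCK.size or msg_len < 0:
        raise ValueError("message range overlaps the address block")
    if msg_start + msg_len > len(record):
        raise ValueError("message range runs past the end of the record")
    return record[msg_start:msg_start + msg_len]


def build_sample() -> bytes:
    """Constructed record: documentation-prefix addresses, then a SIP line.
    Placing the SIP text right after the address block is an assumption."""
    sip = b"OPTIONS sip:example.invalid SIP/2.0\r\n\r\n"
    return ADDR_BLOCK.pack(ipaddress.IPv6Address("2001:db8::1").packed, 5060,
                           ipaddress.IPv6Address("2001:db8::2").packed, 5061) + sip


if __name__ == "__main__":
    rec = build_sample()
    print(parse_endpoints(rec))
    print(message_bytes(rec, ADDR_BLOCK.size, len(rec) - ADDR_BLOCK.size))
```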