Wireshark mailing list archives

Re: ISDN Layer 3 decode


From: Guy Harris <guy () alum mit edu>
Date: Sun, 23 Oct 2011 15:01:55 -0700


On Oct 23, 2011, at 2:17 PM, Keith French wrote:

> Please can you give me some idea of the syntax to use with text2pcap - I cannot see anything in the help referring to 
> a "DLT_ value" (in fact I'm not sure what a DLT_ is anyway).

I wasn't sure what terminology was being used; it turns out the text2pcap man page uses the terminology I prefer, which 
is "link-layer type value" (well, actually, I prefer "link-layer header type value", as it specifies what headers 
appear at the beginning of the packet, regardless of the actual link-layer type):

        $ man text2pcap

                ...

               -l  Specify the link-layer type of this packet. Default is Ethernet
                   (1). See net/bpf.h for the complete list of possible
                   encapsulations. Note that this option should be used if your dump
                   is a complete hex dump of an encapsulated packet and you wish to
                   specify the exact type of encapsulation. Example: -l 7 for ARCNet
                   packets.

(I need to update that to say "see http://www.tcpdump.org/linktypes.html for the complete list of possible 
encapsulations".)  They've become known as DLT_ values, from the #defines used in net/bpf.h; however, in some cases, the 
actual value in the file is different from the DLT_ #define, thanks to various BSDs picking different numerical values 
for the same link-layer header type - tcpdump.org assigned a separate link-layer header type value, for use in capture 
files, for that link-layer header type, so that a file produced on one OS could be read on another OS.

In any case, the syntax for that would be "-l 203" as a command-line argument to text2pcap.
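
To show where the value passed with -l ends up, here is an added example (not part of the original message and not text2pcap's own code): a minimal Python stand-in that turns an offset-prefixed hex dump into a classic pcap file and reads the link-layer header type value back from the file's global header. The function names and the sample bytes are constructed for illustration.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

# Constructed sample: two packets of placeholder bytes, not real captured frames.
SAMPLE = """\
0000  00 01 02 03 04 05 06 07
0008  08 09
0000  aa bb cc
"""

def parse_hexdump(text):
    """Parse 'offset  hex bytes' lines; an offset of 0 starts a new packet."""
    packets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        if int(fields[0], 16) == 0:
            packets.append(bytearray())
        elif not packets:
            raise ValueError("dump must start at offset 0")
        packets[-1].extend(bytes.fromhex("".join(fields[1:])))
    return [bytes(p) for p in packets]

def write_pcap(packets, linktype, snaplen=65535):
    """Build a pcap file in memory; linktype plays the role of text2pcap's -l."""
    out = io.BytesIO()
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, network
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for ts, data in enumerate(packets):
        # Record header: ts_sec, ts_usec, captured length, original length
        out.write(struct.pack("<IIII", ts, 0, len(data), len(data)))
        out.write(data)
    return out.getvalue()

def read_linktype(pcap_bytes):
    """Return the link-layer header type stored at bytes 20-23 of the file."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic, written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    return struct.unpack_from(endian + "I", pcap_bytes, 20)[0]

if __name__ == "__main__":
    pcap = write_pcap(parse_hexdump(SAMPLE), linktype=203)  # value from the message
    print("link-layer header type in file:", read_linktype(pcap))
```

A reader such as Wireshark picks the dissector for the first header of each packet from this one field, which is why a dump converted with the default value of 1 is decoded as Ethernet regardless of what the bytes are.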