Wireshark · Ethereal-users: Re: [Ethereal-users] network type 13 unknown or unsupported

Ethereal-users: Re: [Ethereal-users] network type 13 unknown or unsupported

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Martin Regner" <martin.regner@xxxxxxxxx>

Date: Wed, 18 Feb 2004 07:14:10 +0100

Guy Harris
> On Mon, Feb 16, 2004 at 12:48:08PM +0100, diaz_d1@xxxxxx wrote:
> > I'm trying to analize BGP session over ATM but I get "network type 13
> > unknown".
>
> On what OS did you run tcpdump?
>
> A network capture type of 13 means different things on different OSes.
>
> In FreeBSD and NetBSD, it means DLT_SLIP_BSDOS, which is a libpcap
> encapsulation of SLIP that's used in BSD/OS - but FreeBSD and NetBSD
> don't use that encapsulation and don't generate captures of that sort,
> and DLT_SLIP_BSDOS is 15, not 13, in BSD/OS.
>
> In BSD/OS, 13 is DLT_ATM_RFC1483, for traffic encapsulated over ATM AAL5
> as per RFC 1483.
>
> In OpenBSD, it's DLT_ENC, which I think is some sort of encapsulation
> used for decrypted IPsec traffic.
>

diaz_d1 enclosed a sample capture with his mail.

I think it looked like LLC header AA-AA-03 (i.e. SNAP header), but with four
bytes before the LLC header.

I guess that it is DLT_ATM_RFC1483 but with four extra bytes first.

Follow-Ups:
- Re: [Ethereal-users] network type 13 unknown or unsupported
  - From: Martin Regner

References:
- [Ethereal-users] network type 13 unknown or unsupported
  - From: diaz_d1
- Re: [Ethereal-users] network type 13 unknown or unsupported
  - From: Guy Harris

Prev by Date: Re: [Ethereal-users] Favorite font?
Next by Date: Re: [Ethereal-users] X11: sudo ethereal
Previous by thread: Re: [Ethereal-users] network type 13 unknown or unsupported
Next by thread: Re: [Ethereal-users] network type 13 unknown or unsupported
Index(es):
- Date
- Thread