Umesha S Anand said:
> I would like to capture SS7 packets from our T1/E1 card using
> ethereal.
> We already have an API which can capture the packets from the card and dump
> it on the screen. Can someone give me pointers on how to go about this
> task. I know I have to modify the pcap library,
...which means the question really should be asked on
tcpdump-workers@xxxxxxxxxxx, not on an Ethereal list.
I'd suggest that you download the libpcap 0.8.3 source (versions prior to
0.8 are not set up to handle additional special capture mechanisms very
well) and see how it's done for the DAG cards (pcap-dag.c and either
pcap-linux.c or pcap-bpf.c). You'd modify the pcap-XXX.c for whatever
OS/OSes the machine/machines into which the T1/E1 card is plugged run, so
that they look at the device name and, if it looks like a name for your
T1/E1 card, call the open routine for the card. That open routine would
be in its own pcap-XXX.c file, along with other routines; pcap-dag.c shows
how to do that.
You should use, as the DLT_ value (the value put into the "linktype" field
of the pcap_t you allocate in the open routine):
140 if the packets you'll be supplying start with an MTP2 header;
141 if they start with an MTP3 header;
142 if they start with an SCCP header.
You'd need to add to "gencode.c", in the switch statement in
"init_linktype()", a case clause for 140 and/or 141 and/or 142 that sets
"off_linktype", "off_nl", and "off_nl_nosnap" to -1 and returns.
(That's the same answer I'd give if this were asked on tcpdump-workers.
If you ask there, you might get some more advice from the Endace folks who
did the DAG card support.)