Wireshark-dev: Re: [Wireshark-dev] pcap-ng support

From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Mon, 21 Jan 2008 23:54:57 -0800

For sure.
There's no problem in allocating a new link type code for BT. If I remember well, libpcap actually already defines a linktype for BT (i would need to check). The important thing is defining the frame format used with such link type.
 
Have a nice day
GV
----- Original Message -----
From: Tyson Key
Sent: Monday, January 21, 2008 11:30 PM
Subject: Re: [Wireshark-dev] pcap-ng support

Hi, sorry to hijack the thread, but does anyone know if there will be a link type code available for Bluetooth in pcap-ng?

Thanks, Tyson.

On Jan 18, 2008 7:01 AM, Ulf Lamping < ulf.lamping@xxxxxx> wrote:
Gianluca Varenni schrieb:
> FYI today I tried opening a pcap-ng file with wireshark rev 24118, and
> it sort of worked.
>
> What works:
> - the first file I opened was a 50+MB file generated with NTAR. Real
> ethernet packets coming from a custom board. Wireshark opened the
> trace without any problem, and the decoded packets made perfectly
> sense. YAY!
Nice!
>
> What doesn't work:
> - timestamps are wrong. There are two problems here:
>  1. the IDB option for the timestamp precision is not decoded, and I
> was generating timestamps with nanosecond precision.
No wonder, the corresponding line in the code says: /* XXX - convert
timestamps into nsecs */ ;-)
>  2. timestamps are not in the libpcap fashion (seconds and
> microseconds, or seconds and nanoseconds). It's a single 64bit
> quantity that is split into high and low 32bits.
>
The timestamps currently won't work, but shouldn't be too hard to fix.

I'll have a look ...

Regards, ULFL

P.S: The FCS is also not decoded, Wireshark will internally always
handle pcapng as: "don't know if FCS is there"
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev



--
Fight Internet Censorship! http://www.eff.org
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Open-Source Community, and Technology Testbed: http://www.house404.co.uk/


_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev