On Sep 18, 2008, at 8:31 PM, Gaurav1 Jain wrote:
We are using an A104 Sangoma card
I.e.:
http://www.sangoma.com/products_and_solutions/hardware/digital_telephony_and_data/a104.html
to tap an E1
"Tap" as in "just capture traffic passively", using some special
driver that provides packets without the card acting as a regular
network interface (of the type that shows up in, for example, ifconfig
output), or is it attached as a Linux network interface, so that
libpcap is just capturing on it as a standard network interface?
If the former, that means you've modified libpcap; if the latter, then
libpcap is treating the card like any other network device, meaning
that it determines the DLT_ for the link layer by asking for its
ARPHRD_ type and:
if it's a known ARPHRD_ type, mapping it to the appropriate DLT_ type
(or perhaps doing the capture in "cooked mode" and using DLT_LINUX_SLL);
if it's not a known ARPHRD_ type, doing the capture in "cooked mode"
and using DLT_LINUX_SLL.
and for an E1, this card provides IP interface (as configured).
So what does it mean when it "provides [an] IP interface"? Does that
mean that the card supplies IP packets, with link-layer headers
stripped off, or does it supply packets with link-layer headers, with
the driver processing those headers and then stripping them off and
handing them to the IP layer?
So you can say there is no ICMP/UDP/TCP/SCTP/IP kind of DLT attached
to traces.
There is no "ICMP/UDP/TCP/SCTP/IP kind of DLT" attached to *any*
traces; those are all protocols running atop the link layer. There is
a DLT_RAW link layer used for packets where there *is* no link-layer
header.
Are you using Sangoma's Wanpipe software? If so, see the diagram at
the bottom of
http://www.sangoma.com/products_and_solutions/drivers_utilities/wan_networking/technical_specifications.html
Where are you connecting to the card in that diagram?