Wireshark-dev: Re: [Wireshark-dev] writing non-Ethernet pcapng files

From: Tyson Key <tyson.key@xxxxxxxxx>
Date: Fri, 22 May 2009 12:27:51 +0100
Hi.
Out of interest, are there supposed to be issues with Ethernet Pcap-NG files/packets appended to other Pcap-NG files generated with Wireshark 1.0.7 having an unrecognised link type in later (SVN) versions of Wireshark? At the same time, it seems that 1.0.7 has issues reading packets in Pcap-NG files from later versions (i.e. it'll try to recognise a few frames, and if the link type is Ethernet, show them in the packet pane, but it'll complain about a decompression error when trying to view them, or it'll just show one packet with an unknown link type (usally 0 or 113 here), depending on how packets were combined).

I've attached some samples for reference.

Thanks,
Tyson.

On Fri, May 22, 2009 at 6:35 AM, Ulf Lamping <ulf.lamping@xxxxxx> wrote:
Aaron Turner schrieb:
> On Thu, May 21, 2009 at 12:20 PM, Michael Tüxen
> <Michael.Tuexen@xxxxxxxxxxxxxxxxx> wrote:
>> On May 21, 2009, at 9:15 PM, Aaron Turner wrote:
>>
>>> On Thu, May 21, 2009 at 11:55 AM, Michael Tüxen
>>> <Michael.Tuexen@xxxxxxxxxxxxxxxxx> wrote:
>>>> Hi Aaron,
>>>>
>>>> can you check also with the latest svn version?
>>> This was trunk-1.0 r28436.  Are you working in trunk (wireshark
>>> 1.1.x)?
>> Yes, I'm working in 1.1.x...
>
>
> I just looked at the lastest trunk, and it too hard codes only
> ethernet as supported:
>
> from wiretap/pcapng.c pcapng_dump_can_write_encap():
>
>       /* XXX - for now we only support Ethernet */
>       if (encap != WTAP_ENCAP_ETHERNET)
>               return WTAP_ERR_UNSUPPORTED_ENCAP;
>

Hi!

This comment is from the time when I started to experimentally implement
pcapng.

This was only a rough prototype at that time and as I'm personally only
using Ethernet, I've only implemented the absolutely necessary stuff.

It's very long ago so I can't remember if there are any further problems
with anything else then Ethernet.

Seems that you're the first one trying to use it in this way ...

Regards, ULFL
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



--
Fight Internet Censorship! http://www.eff.org
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://i9.house404.co.uk/ | Twitter/FriendFeed/Skype: vmlemon | +447549728105

Attachment: Cooked_DC28436-107_Ethernet_Concat.ntar
Description: Binary data

Attachment: Cooked_Dumpcap_SVN_28436.ntar
Description: Binary data

Attachment: Ethernet_Dumpcap_SVN_28436.ntar
Description: Binary data

Attachment: Ethernet_Wireshark_1.0.7.ntar
Description: Binary data