[tcpdump-workers] DLT request for EBHSCR

Guy Harris gharris at sonic.net
Wed Aug 8 14:34:27 EDT 2018

On Aug 8, 2018, at 8:23 AM, Michael Richardson <mcr at sandelman.ca> wrote:

> <Guenter.Ebermann at elektrobit.com> wrote:
>> After the header comes a captured frame-payload. Its content depends on the
>> major number in the header.
>> Do you need any more information?
> it would be great to point to a web site for this info.

...especially if the web site contains the same description *plus*:

	what versions of the header currently exist (updated as new versions are introduced);

	what the header looks like, for each of those versions, including what bits are used in the status field;

	what the payload looks like.

That's some additional information we need; if you expect to have multiple versions, it may be easier to update the description as new versions are introduced if it's on your site than if it's on our site.

It should be possible to, from the description on the tcpdump.org Web site plus whatever that description links to, write a dissector for {tcpdump, Wireshark, <pick your network analyzer>} for the packets.

More information about the tcpdump-workers mailing list