[tcpdump-workers] New link-type for Z-Wave serial interface

Guy Harris gharris at sonic.net
Mon Jul 22 21:43:41 EDT 2019

On Jul 21, 2019, at 2:19 PM, Mikhail Gusarov <dottedmag at dottedmag.net> wrote:

> On 21 Jul 2019, at 23:07, Guy Harris wrote:
>> So a "garbage frame" would be any frame that begins with a value other than 0x06, 0x15, 0x18, or 0x01?
>> Is there any reason for whatever capture mechanism produces these packets not to discard garbage frames
>> rather than handing them to the libpcap caller (if this is implemented as a libpcap module) or writing
>> them to a file (if this is implemented as a program that writes pcap or pcapng files)?
> Not really. These bytes are useless without the framing, and there are at most 257 of them (frame length
> is a single byte).

So should we just say something such as

	LINKTYPE_Z_WAVE_SERIAL	XXX	DLT_Z_WAVE_SERIAL	Serial frames transmitted between a host and a Z-Wave chip over an RS-232 or USB serial connection, as described in section 5 of the Z-Wave Serial API Host Application Programming Guide.  Frames that aren't ACK, NAK, CAN, or Data frames should be treated as invalid.

with "the Z-Wave Serial API Host Application Programming Guide" linking to the document you mentioned?

That way, the "Frames that aren't..." part indicates that, if code that produces those frames doesn't discard them, but provides them to programs capturing the frames or reading from a file logging the frames, the code getting the frames should either ignore them or report them as invalid.

More information about the tcpdump-workers mailing list