Wireshark · Ethereal-dev: Re: [Ethereal-dev] updated fakelink dissector + (new) README.fakelink

[Navin Anand <navin.anand@xxxxxxxxxxxx>]

Hello,

> > > 3) How to write a fake link layer PCAP file?
> > > ----------------------------------------------
> > >
> > > There are 2 methods that you can use to write out a fake link PCAP 
> > > capture
> > > file: by using the Wiretap library (part of Ethereal) or by writing 
> > > the file
> > > out directly from your application.  It would make sense that 
> > > libpcap could
> > > be used directly (which could be advantageous since it has a BSD 
> > > license) but
> > > the APIs for libpcap do not seem to allow writing protocol packets 
> > > to a file
> > > directly (it seems geared more towards capture-and-writing).
> >
> >
> >
> > You could, with more recent versions of libpcap, probably cheat by 
> > calling "pcap_open_dead()" and using the pcap_t * you get back from 
> > that as the argument to "pcap_dump_open()".
>
>
> Okay, yes, that works well, too...  Thanks for the pointer.
>
>
>
> Does anybody have any thoughts on what direction to take with this?
>
> I'm leaning towards asking 'tcpdump-workers' for some new LINKTYPE_ 
> definitions:
>
> LINKTYPE_MTP2
> LINKTYPE_MTP3
> LINKTYPE_SCCP (Navin, I assume you want this one?  I don't need it)
>
> and ditch the "fake link" dissector for now.  (But I'd like some level 
> of agreement before doing so.)
>
> Regards,
> -Jeff
My requirement extends beyond SCCP, for e.g. I need to be able to decode 
raw MAP packets. I find it convenient to have a single LINKTYPE_ 
definition for fake link, and have all other protocols register with it. 
Perhaps I am biased towards my creation.

Yours truly,
Navin Anand.