Hi Mirko,
Please refer to http://wiki.wireshark.org/Development/LibpcapFileFormat
about this subject.
Thanx,
Jaap
Mirko.Karanovic@xxxxxx wrote:
Hi,
I’ve been making Protocol Analyzer based on Sangoma S5142A synch serial
card and WireShark. Capturing of X.25 LAPB and PLP layers is done by
Sangoma card/driver. Storing into file is done by socket based code.
File format is libpcap file format.
I’ve seen that WireShark (wtap) has decoder for LAPB and PLP layers
of the original X.25.
Problem is that libpcap “DLT_ “ definitions doesn’t have value for
LAPB link layer. So, when I opened captured file by WireShark, I can see
only raw data.
I think that I should define proprietary “DLT_LAPB” value and do
whatever necessary steps in wtap (WireShark) in order to recognize my
DLT_LAPB type form libpcap file header. After that I should be able to
see LAPB frames and PLP packets in the WireShark.
Is above story about new DLT_LAPB and wtap extension is correct?
Regards
Mirko Karanovic.
Toronto Transit Comission
