Lines Matching +full:html +full:- +full:encoding +full:- +full:sniffer
1 /*-
41 * Link-layer header type codes.
44 * "tcpdump-workers@lists.tcpdump.org" for a value. Otherwise, you run
46 * purpose, and of having tools that read libpcap-format captures not
53 * https://www.tcpdump.org/linktypes.html
55 * for detailed descriptions of some of these link-layer header types.
69 #define DLT_ARCNET 7 /* ARCNET, with BSD-style header */
71 #define DLT_PPP 9 /* Point-to-point Protocol */
80 * XXX - DLT_ATM_RFC1483 is 13 in BSD/OS, and DLT_RAW is 14 in BSD/OS,
83 #define DLT_ATM_RFC1483 11 /* LLC-encapsulated ATM */
100 #define DLT_PPP_BSDOS 14 /* BSD/OS Point-to-point Protocol */
104 #define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
113 * a 1-byte ULP field (ULP-id)?
115 * a 1-byte flags field;
117 * a 2-byte "offsets" field;
119 * a 4-byte "D2 length" field (D2_Size?);
121 * a 4-byte "destination switch" field (or a 1-byte field
123 * sub fields, followed by a 3-byte Destination_Switch_Address
124 * field?, HIPPI-LE 3.4-style?);
126 * a 4-byte "source switch" field (or a 1-byte field containing the
128 * by a 3-byte Source_Switch_Address field, HIPPI-LE 3.4-style?);
130 * a 2-byte reserved field;
132 * a 6-byte destination address field;
134 * a 2-byte "local admin" field;
136 * a 6-byte source address field;
140 * This looks somewhat like something derived from the HIPPI-FP 4.4
141 * Header_Area, followed an HIPPI-FP 4.4 D1_Area containing a D1 data set
142 * with the header in HIPPI-LE 3.4 (ANSI X3.218-1993), followed by an
143 * HIPPI-FP 4.4 D2_Area (with no Offset) containing the 802.2 LLC header
153 * HIPPI is long-gone, and the source files found in an older version
155 * see a capture with this link-layer type.
172 * as 117 so that pflog captures would use a link-layer header type
191 * DLT_PFLOG, is not only OS-dependent but OS-version-dependent,
217 * The Axent Raptor firewall - now the Symantec Enterprise Firewall - uses
218 * a link-layer type of 99 for the tcpdump it supplies. The link-layer
227 * link-layer header type LINKTYPE_ values corresponding to DLT_ types
233 * Values starting with 104 are used for newly-assigned link-layer
234 * header type values; for those link-layer header types, the DLT_
246 * it with a different value should define it here with that value -
267 * so that we don't have to worry about the link-layer header.)
280 * that the AF_ type in the link-layer header is in network byte order.
305 * as link-layer types corresponding to DLT_ types that might differ
346 * Registered for Cisco-internal use.
351 * For 802.11 cards using the Prism II chips, with a link-layer
358 * Reserved for Aironet 802.11 cards, with an Aironet link-layer header
366 * 121 was reserved for Siemens HiPath HDLC on 2002-01-25, as
369 * On 2004-02-25, a FreeBSD checkin to sys/net/bpf.h was made that
371 * does DLT_ <-> LINKTYPE_ mapping, mapping DLT_PFSYNC to a
373 * dump files with 246 as the link-layer header type. (Earlier
375 * have written them out with a link-layer header type of 121.)
378 * its libpcap does no DLT_ <-> LINKTYPE_ mapping, so it would
379 * write out DLT_PFSYNC dump files with use 18 as the link-layer
383 * current versions, their libpcaps do DLT_ <-> LINKTYPE_ mapping,
385 * should write out DLT_PFSYNC dump files with 246 as the link-layer
388 * them out with a link-layer header type of 18.)
406 * Code that uses pcap_datalink() to determine the link-layer header
413 * FreeBSD's libpcap won't map a link-layer header type of 18 - i.e.,
415 * DragonFly BSD, and macOS - to DLT_PFSYNC, so code built with FreeBSD's
418 * Other libpcaps won't map a link-layer header type of 121 to DLT_PFSYNC;
430 * This is for RFC 2625 IP-over-Fibre Channel.
432 * This is not for use with raw Fibre Channel, where the link-layer
433 * header starts with a Fibre Channel frame header; it's for IP-over-FC,
434 * where the link-layer header starts with an RFC 2625 Network_Header
441 * pseudo-header followed by an AALn PDU.
444 * with different pseudo-headers.
446 * If ATM software returns a pseudo-header with VPI/VCI information
448 * LANE, LLC-multiplexed traffic, etc.), it should not use
451 * pseudo-header and the form of the pseudo-header.
464 * Header for 802.11 plus a number of bits of link-layer information
474 * which includes a means to include meta-information
478 #define DLT_TZSP 128 /* Tazmen Sniffer Protocol */
485 * Linux's ARCNET headers, however, have a 2-byte offset field
494 * Juniper-private data link types, as per request from
496 * for passing on chassis-internal metainformation such as
509 * Apple IP-over-IEEE 1394, as per a request from Dieter Siegmund
510 * <dieter@apple.com>. The header that's presented is an Ethernet-like
529 #define DLT_MTP2_WITH_PHDR 139 /* pseudo-header with various info, followed by MTP2 */
530 #define DLT_MTP2 140 /* MTP2, without pseudo-header */
531 #define DLT_MTP3 141 /* MTP3, without pseudo-header or MTP2 */
532 #define DLT_SCCP 142 /* SCCP, without pseudo-header or MTP2 or MTP3 */
540 * Linux-IrDA packets. Protocol defined at https://www.irda.org.
544 * This is exactly the format you would get capturing on a Linux-IrDA
546 * Note the capture is done in "Linux-cooked" mode, so each packet include
563 * Reserved for private use. If you have some link-layer header type
565 * using that link-layer header type not ever be sent outside your
572 * your private versions of capture-file-reading tools to read; in
584 * Instead, ask "tcpdump-workers@lists.tcpdump.org" for a new DLT_ value,
605 * For future use with 802.11 captures - defined by AbsoluteValue
606 * Systems to store a number of bits of link-layer information
611 * but it might be used by some non-AVS drivers now or in the
617 * Juniper-private data link type, as per request from
619 * for passing on chassis-internal metainformation such as
634 * supply pppd with outgoing packets so it can do dial-on-demand and
635 * hangup-on-lack-of-demand; incoming packets are filtered out so they
641 * the direction - 0x00 = IN, 0x01 = OUT.
653 * Juniper-private data link type, as per request from
655 * for passing on chassis-internal metainformation such as
662 #define DLT_GPF_T 170 /* GPF-T (ITU-T G.7041/Y.1303) */
663 #define DLT_GPF_F 171 /* GPF-F (ITU-T G.7041/Y.1303) */
673 * Juniper-private data link type, as per request from
683 * the link-layer header.
686 #define DLT_ERF_POS 176 /* Packet-over-SONET */
690 * for vISDN (http://www.orlandi.com/visdn/). Its link-layer header
697 * Juniper-private data link type, as per request from
699 * The DLT_ are used for prepending meta-information
701 * before standard Ethernet, PPP, Frelay & C-HDLC Frames
714 * Juniper-private data link type, as per request from
733 * Please refer to the A653-1 standard for more information.
741 * However, that header didn't work all that well - it left out some
742 * useful information - and was abandoned in favor of the DLT_USB_LINUX
748 * For source-code compatibility, we also define DLT_USB to have this
780 * http://www.can-cia.org/downloads/?269
803 * Juniper-private data link type, as per request from
824 * Various link-layer types, with a pseudo-header, for SITA
830 * Various link-layer types, with a pseudo-header, for Endace DAG cards;
844 * IPMB packet for IPMI, beginning with a 2-byte header, followed by
848 * XXX - this used to be called DLT_IPMB, back when we got the
850 * had no extra 2-byte header. We've renamed it; if anybody used
851 * DLT_IPMB and assumed no 2-byte header, this will cause the compile
860 * Juniper-private data link type, as per request from
867 * Bluetooth HCI UART transport layer (part H:4), with pseudo-header
873 * AX.25 packet with a 1-byte KISS header; see
877 * as per Richard Stearn <richard@rns-stearn.demon.co.uk>.
883 * with no pseudo-header.
889 * PPP, with a one-byte direction pseudo-header prepended - zero means
890 * "received by this host", non-zero (any non-zero value) means "sent by
891 * this host" - as per Will Barker <w.barker@zen.co.uk>.
899 * Cisco HDLC, with a one-byte direction pseudo-header prepended - zero
900 * means "received by this host", non-zero (any non-zero value) means
901 * "sent by this host" - as per Will Barker <w.barker@zen.co.uk>.
906 * Frame Relay, with a one-byte direction pseudo-header prepended - zero
907 * means "received by this host" (DCE -> DTE), non-zero (any non-zero
908 * value) means "sent by this host" (DTE -> DCE) - as per Will Barker
914 * LAPB, with a one-byte direction pseudo-header prepended - zero means
915 * "received by this host" (DCE -> DTE), non-zero (any non-zero value)
916 * means "sent by this host" (DTE -> DCE)- as per Will Barker
922 * 208 is reserved for an as-yet-unspecified proprietary link-layer
927 * IPMB with a Linux-specific pseudo-header; as requested by Alexey Neyman
933 * FlexRay automotive bus - http://www.flexray.com/ - as requested
940 * transport - https://www.mostcooperation.com/ - as requested
946 * Local Interconnect Network (LIN) bus for vehicle networks -
947 * http://www.lin-subbus.org/ - as requested by Hannes Kaelber
953 * X2E-private data link type used for serial line capture,
959 * X2E-private data link type used for the Xoraya data logger
966 * nothing), but with the PHY-level data for non-ASK PHYs (4 octets
968 * reserved bit, and then the MAC-layer data, starting with the
992 * MPLS, with an MPLS label as the link-layer header.
1000 * padded to 64 bytes; required for memory-mapped access.
1005 * DECT packets, with a pseudo-header; requested by
1011 * From: "Lidwa, Eric (GSFC-582.0)[SGT INC]" <eric.lidwa-1@nasa.gov>
1012 * Date: Mon, 11 May 2009 11:18:30 -0500
1031 * Fibre Channel FC-2 frames, beginning with a Frame_Header.
1037 * Fibre Channel FC-2 frames, beginning with an encoding of the
1038 * SOF, and ending with an encoding of the EOF.
1040 * The encodings represent the frame delimiters as 4-byte sequences
1043 * byte values; for example, SOFi2, which is K28.5 - D21.5 - D1.2 - D21.2,
1051 * Solaris ipnet pseudo-header; requested by Darren Reed <Darren.Reed@Sun.COM>.
1053 * The pseudo-header starts with a one-byte version number; for version 2,
1054 * the pseudo-header is:
1067 * dli_version is 2 for the current version of the pseudo-header.
1072 * dli_htype is a "hook type" - 0 for incoming packets, 1 for outgoing
1076 * dli_pktlen is the length of the packet data following the pseudo-header
1078 * pseudo-header, assuming the entire pseudo-header was captured).
1093 * An IPv4 or IPv6 datagram follows the pseudo-header; dli_family indicates
1099 * CAN (Controller Area Network) frames, with a pseudo-header as supplied
1100 * by Linux SocketCAN, and with multi-byte numerical fields in that header
1101 * in big-endian byte order.
1124 * Raw D-Bus:
1130 * https://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-messages
1135 * https://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol
1142 * Juniper-private data link type, as per request from
1150 * DVB-CI (DVB Common Interface for communication between a PC Card
1153 * https://www.kaiser.cx/pcap-dvbci.html
1163 * *not* the same as, 27.010). Requested by Hans-Christoph Schemmel
1164 * <hans-christoph.schemmel@cinterion.com>.
1175 * Juniper-private data link type, as per request from
1184 * Requested by Jakub Zawadzki <darkjames-ws@darkjames.pl>
1189 * Hilscher Gesellschaft fuer Systemautomation mbH link-layer type
1190 * for Ethernet packets with a 4-byte pseudo-header and always
1199 * Hilscher Gesellschaft fuer Systemautomation mbH link-layer type
1200 * for Ethernet packets with a 4-byte pseudo-header and FCS and
1210 * IP-over-InfiniBand, as specified by RFC 4391.
1217 * MPEG-2 transport stream (ISO 13818-1/ITU-T H.222.0).
1224 * ng4T GmbH's UMTS Iub/Iur-over-ATM and Iub/Iur-over-IP format as
1232 * Pseudo-header giving adapter number and flags, followed by an NFC
1233 * (Near-Field Communications) Logical Link Control Protocol (LLCP) PDU,
1260 * SCTP, with no lower-level protocols (i.e., no IPv4 or IPv6).
1274 * Schweitzer Engineering Laboratories "RTAC" product serial-line
1282 * Bluetooth Low Energy air interface link-layer packets.
1289 * DLT type for upper-protocol layer PDU saves from Wireshark.
1334 * didn't know that the right way to get a link-layer header type is to
1348 * When capturing, on a system with a Darwin-based OS, on a device
1351 * and that will continue to be DLT_USER2 on Darwin-based OSes. That way,
1355 * this version of libpcap, just as you can't with Apple's libpcap -
1362 * LINKTYPE_PKTAP, which will be 258, even on Darwin-based OSes.
1381 * of the preamble specified by 802.3-2012 Clause 65, section
1387 * IPMI trace packets, as specified by Table 3-20 "Trace Data Block Format"
1432 * TI protocol sniffer.
1444 * https://lists.sandelman.ca/pipermail/tcpdump-workers/2017-May/000772.html
1446 * for: https://qemu-project.org/Features/VirtioVsock
1451 * Nordic Semiconductor Bluetooth LE sniffer.
1456 * Excentis DOCSIS 3.1 RF sniffer (XRA-31)
1458 * https://www.xra31.com/xra-header
1463 * mPackets, as specified by IEEE 802.3br Figure 99-4, starting
1470 * DisplayPort(DP) Standard preceded by a pseudo-header.
1481 * Sercos Monitor, per Manuel Jacob <manuel.jacob at steinbeis-stg.de>
1491 * https://github.com/matwey/libopenvizsla/wiki/OpenVizsla-protocol-description
1511 …* https://fdio-vpp.readthedocs.io/en/latest/gettingstarted/developers/vnet.html#graph-dispatcher-p…
1522 * IEEE 802.15.4 with pseudo-header and optional meta-data TLVs, PHY payload
1525 * Specification at https://github.com/jkcko/ieee802.15.4-tap
1537 * https://socket.hr/draft-dfranusic-opsawg-elee-00.xml
1538 …ps://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://socket.hr/draft-dfranusic-opsawg-elee-…
1543 * Serial frames transmitted between a host and a Z-Wave chip.
1553 * ATSC Link-Layer Protocol (A/330) packets.
1577 * NetBSD-specific generic "raw" link type. The class value indicates
1579 * address family we're dealing with. Those values are NetBSD-specific;