Wireshark-users: Re: [Wireshark-users] OpenBSD enc0 capture from tcpdump fails to decode
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 25 Sep 2009 15:02:33 -0700

On Sep 25, 2009, at 1:32 PM, Brad Guillory wrote:

> So unless we are on an OpenBSD machine we will never have DLT_ENC ==
> 13.

Yes.  (I'm the person who put that stuff into pcap/bpf.h.)

> I also don't see code that would allow for DLT_ATM_RFC1483 to be
> set to 13.

Not having access to any BSD/OS systems, I didn't do anything for it - I probably should have, but as BSD/OS was discontinued a few years ago, I probably won't bother unless some BSD/OS user complains on tcpdump-workers or the libpcap SourceForge bug database.

> I am recompiling now to make sure that it will fix my problem; but I
> can't see why it wouldn't.

It appears to have fixed the problem - I was able to read the file on my Mac - and also let me clean up some special hacks to deal with a link-layer type of 13 on captures from some device running Nokia's IPSO (FreeBSD-based) OS. (The hacks are still necessary - thanks a lot, Ipsilon/Nokia, for not picking a different magic number for your non-standard libpcap format - but at least they're simpler.)

I've checked that change into the main branch. We might want to put it into Wireshark 1.2.3 (and, if we release one, 1.0.10).
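
Added example, not part of the original message and not Wireshark or libpcap code: a small triage helper that reads the link-layer type from a classic pcap file header and flags the value 13 discussed in this thread, whose meaning depends on the system that wrote the file. The function names and sample headers are constructed for illustration; 109 (LINKTYPE_ENC) is the portable file value from libpcap's link-type registry and is not mentioned in the thread.

```python
import struct

# Magic numbers of the classic pcap file format (microsecond / nanosecond).
PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)
HEADER_LEN = 24  # magic, version major/minor, thiszone, sigfigs, snaplen, network

# Value this thread is about: DLT_ENC on OpenBSD, but something else elsewhere.
AMBIGUOUS_13 = 13
LINKTYPE_ENC = 109  # portable file value for OpenBSD enc, from libpcap's registry


def read_link_type(header: bytes):
    """Return (byte_order, link_type) from a pcap global header."""
    if len(header) < HEADER_LEN:
        raise ValueError("truncated pcap header")
    # The writer's byte order is unknown, so try both and check the magic.
    for order in ("<", ">"):
        magic, _maj, _min, _zone, _sig, _snap, network = struct.unpack(
            order + "IHHiIII", header[:HEADER_LEN])
        if magic in PCAP_MAGICS:
            return order, network
    raise ValueError("not a classic pcap file")


def triage(header: bytes) -> str:
    """Say whether the link-layer type can be trusted as written."""
    _order, link_type = read_link_type(header)
    if link_type == AMBIGUOUS_13:
        return "ambiguous-13"   # need to know which OS wrote the capture
    if link_type == LINKTYPE_ENC:
        return "enc-portable"
    return "other"


def make_header(order: str, link_type: int) -> bytes:
    """Constructed sample header (version 2.4, snaplen 65535)."""
    return struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, link_type)


if __name__ == "__main__":
    samples = [("enc0 capture, value 13 (constructed)", make_header("<", 13)),
               ("portable enc, big-endian (constructed)", make_header(">", 109)),
               ("ethernet (constructed)", make_header("<", 1))]
    for name, hdr in samples:
        print(name, "->", triage(hdr))
```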