Support General Packet Radio Service Logical Link Control - datalink type 169

simsong / tcpflow

TCP/IP packet demultiplexer. Download from:

http://downloads.digitalcorpora.org/downloads/tcpflow/

GNU General Public License v3.0

1.69k stars 237 forks source link

Support General Packet Radio Service Logical Link Control - datalink type 169 #70

Open boozer-zz opened 10 years ago

boozer-zz commented 10 years ago

I'm trying to analyze .pcap files with tcpflow -r tcp and get "sorry - unknown datalink type 169 on interface" The files I want to analyse are not generated by tcpflow. Am I doing something wrong or is there a problem with my files?

boozer-zz commented 10 years ago

Ok. I read a little bit and I think my pcaps are ok, but no tool besides wireshark/tshark seems to support "General Packet Radio Service Logical Link Control" or am I mistaken?

If so is there any way to reconstruct the tcp ascii data from my pcaps with tcpflow, tshark or any other tool?

P.S. The problem with tshark is not compatibility, but rather that it stops reconstructing a flow on the first missing/broken package in a flow

simsong commented 10 years ago

It's really not hard to add support for another packet format. You just need to know the offset where the data begins. Look at the file datalink.cpp