|
Packit |
209cc3 |
<HTML><HEAD>
|
|
Packit |
209cc3 |
<STYLE type="text/css">
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
A { text-decoration:none }
|
|
Packit |
209cc3 |
-->
|
|
Packit |
209cc3 |
</STYLE>
|
|
Packit |
209cc3 |
</HEAD>
|
|
Packit |
209cc3 |
<BODY>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
<FONT SIZE=+0 FACE="COURIER">A "Distributed Pcap" for Remote Monitoring LANs & WANs
|
|
Packit |
209cc3 |
(Design Notes for the SITA ACN device)</FONT>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Fulko Hew SITA INC Canada, Inc. Revised: October 2, 2007
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SUMMARY
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Note: This document is part of the libpcap Git and was derived from 'pcap.3' (circa Aug/07).
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The ACN provides a customized/distributed version of this library that alows SMPs to
|
|
Packit |
209cc3 |
interact with the various IOPs within the site providing a standard mechanism
|
|
Packit |
209cc3 |
to capture LAN and WAN message traffic.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
<CENTER>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP
|
|
Packit |
209cc3 |
The Supervisory Management Processor where Wireshark (or equivalent)
|
|
Packit |
209cc3 |
runs in conjuction with a libpcap front-end.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP
|
|
Packit |
209cc3 |
I/O Processors where the monitored ports exist in conjunction
|
|
Packit |
209cc3 |
with a custom device driver/libpcap back-end.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
</CENTER>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Each IOP will be capable of supporting multiple connections from an SMP
|
|
Packit |
209cc3 |
enabling monitoring of more than one interface at a time, each through
|
|
Packit |
209cc3 |
its own seperate connection. The IOP is responsible to ensure and report
|
|
Packit |
209cc3 |
an error if any attempt is made to monitor the same interface more than once.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
There are three applications that will be supported by the ACN version of libpcap.
|
|
Packit |
209cc3 |
They each use a slightly different mode for looping/capturing and termination
|
|
Packit |
209cc3 |
as summarized in the following table:
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
<CENTER>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Application Capture Termination
|
|
Packit |
209cc3 |
wireshark
|
|
Packit |
209cc3 |
pcap_dispatch(all packets in one buffer of capture only)
|
|
Packit |
209cc3 |
pcap_breakloop()
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
tshark
|
|
Packit |
209cc3 |
pcap_dispatch(one buffer of capture only)
|
|
Packit |
209cc3 |
Since a CTRL-C was used to terminate the application, pcap_breakloop() is never called.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
tcpdump
|
|
Packit |
209cc3 |
pcap_loop(all packets in the next buffer, and loop forever)
|
|
Packit |
209cc3 |
pcap_breakloop()
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
</CENTER>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Note: In all cases, the termination of capturing is always (apparently) followed by
|
|
Packit |
209cc3 |
pcap_close(). Pcap_breakloop() is only used to stop/suspend looping/processing,
|
|
Packit |
209cc3 |
and upon close interpretation of the function definitions, it is possible to resume
|
|
Packit |
209cc3 |
capturing following a pcap_breakloop() without any re-initialization.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
ACN Limitations
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Monitoring of backup IOPs is not currently supported.
|
|
Packit |
209cc3 |
Ethernet interfaces cannot be monitored in promiscuous mode.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
ROUTINES
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The following list of functions is the sub-set of Pcap functions that have been
|
|
Packit |
209cc3 |
altered/enhanced to support the ACN remote monitoring facility. The remainder of the Pcap
|
|
Packit |
209cc3 |
functions continue to perform their duties un-altered. Libpcap only supports this
|
|
Packit |
209cc3 |
mode of operation if it has been configured/compiled for SITA/ACN support.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_findalldevs
|
|
Packit |
209cc3 |
pcap_freealldevs
|
|
Packit |
209cc3 |
pcap_open_live
|
|
Packit |
209cc3 |
pcap_close
|
|
Packit |
209cc3 |
pcap_setfilter
|
|
Packit |
209cc3 |
pcap_dispatch
|
|
Packit |
209cc3 |
pcap_loop
|
|
Packit |
209cc3 |
pcap_next
|
|
Packit |
209cc3 |
pcap_next_ex
|
|
Packit |
209cc3 |
pcap_stats
|
|
Packit |
209cc3 |
</FONT>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
These subroutines have been modified for the ACN specific distributed and remote monitoring
|
|
Packit |
209cc3 |
ability perform the following basic functions. More detail is provided in the
|
|
Packit |
209cc3 |
"SMP/IOP Inter-Process Communication Protocol" section.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_open_live()
|
|
Packit |
209cc3 |
Used to obtain a packet capture descriptor to look at packets on the network.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP will open a connection to the selected IOP on its 'sniffer' port
|
|
Packit |
209cc3 |
to ensure it is available. It sends a null terminated string identifying
|
|
Packit |
209cc3 |
the interface to be monitored.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
After any required processing is complete, the IOP will return a
|
|
Packit |
209cc3 |
null terminated string containing an error message if one occured.
|
|
Packit |
209cc3 |
If no error occured, a empty string is still returned.
|
|
Packit |
209cc3 |
Errors are:
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
"Interface (xxx) does not exist."
|
|
Packit |
209cc3 |
"Interface (xxx) not configured."
|
|
Packit |
209cc3 |
"Interface (xxx) already being monitored."
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_findalldevs()
|
|
Packit |
209cc3 |
It constructs a list of network devices that can be opened with pcap_open_live().
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
It obtains a list of IOPs currently available (via /etc/hosts).
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP will sequentially open a connection to each IOP on its 'sniffer' port to ensure
|
|
Packit |
209cc3 |
the IOP is available.
|
|
Packit |
209cc3 |
It sends a null terminated empty interface ID followed by the query request command.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
The IOP returns an error response and its list of devices.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP closes the TCP connection with each IOP.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP adds the received information to its internal structure.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_freealldevs()
|
|
Packit |
209cc3 |
Used to free a list allocated by pcap_findalldevs().
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP frees the structure it built as a result of the previous
|
|
Packit |
209cc3 |
invocation of pcap_findalldevs().
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_dispatch()
|
|
Packit |
209cc3 |
Used to collect and process packets.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
On the first invocation of pcap_dispatch(), pcap_loop(), or pcap_next(), or pcap_next_ex() following a pcap_open_live(),
|
|
Packit |
209cc3 |
the SMP will pass down the monitor start command and various parameters the IOP should use.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The IOP now sends a stream of captured data.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP will read the reverse channel of the connection between the SMP and the
|
|
Packit |
209cc3 |
IOP that provides the captured data (via 'p->read_op' which is 'pcap_read_linux()'
|
|
Packit |
209cc3 |
until the select() call returns a 'no more data' indication.
|
|
Packit |
209cc3 |
It will the process (at most) the next 'cnt' packets and invoke the specified
|
|
Packit |
209cc3 |
callback function for each packet processed.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The IOP continues to listen for additional commands as well as capturing and forwarding data to the SMP.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_loop()
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Is similar to pcap_dispatch() except it keeps reading packets until
|
|
Packit |
209cc3 |
the requested number of packets are processed or an error occurs.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
On the first invocation of pcap_dispatch(), pcap_loop(), or pcap_next(), or pcap_next_ex() following a pcap_open_live(),
|
|
Packit |
209cc3 |
the SMP will pass down the monitor start command and various parameters the IOP should use.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The IOP now sends a stream of captured data.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP continuously reads the next packet from the reverse channel of the connection
|
|
Packit |
209cc3 |
between the SMP and the IOP that provides the captured data (via 'p->read_op'
|
|
Packit |
209cc3 |
which is 'pcap_read_linux()' until 'cnt' packets have been received.
|
|
Packit |
209cc3 |
The specified callback function will be invoked for each packet received.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The IOP continues to listen for additional commands as well as capturing and forwarding data to the SMP.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_next()
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
It reads the next packet (by calling pcap_dispatch() with a count of 1)
|
|
Packit |
209cc3 |
and returns a pointer to the data in that packet.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
On the first invocation of pcap_dispatch(), pcap_loop(), or pcap_next(), or pcap_next_ex() following a pcap_open_live(),
|
|
Packit |
209cc3 |
the SMP will pass down the monitor start command and various parameters the IOP should use.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The IOP now sends a stream of captured data.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP reads only the next packet from the reverse channel of the connection
|
|
Packit |
209cc3 |
between the SMP and the IOP that provides the captured data (via calling pcap_dispatch()
|
|
Packit |
209cc3 |
with a count of 1) and returns a pointer to that data by invoking an internal callback.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The IOP continues to listen for additional commands as well as capturing and forwarding data to the SMP.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_next_ex()
|
|
Packit |
209cc3 |
Reads the next packet and returns a success/failure indication.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
On the first invocation of pcap_dispatch(), pcap_loop(), or pcap_next(), or pcap_next_ex() following a pcap_open_live(),
|
|
Packit |
209cc3 |
the SMP will pass down the monitor start command and various parameters the IOP should use.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The IOP now sends a stream of captured data.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP reads only the next packet from the reverse channel of the connection
|
|
Packit |
209cc3 |
between the SMP and the IOP that provides the captured data (via calling pcap_dispatch()
|
|
Packit |
209cc3 |
with a count of 1) and returns seperate pointers to both the
|
|
Packit |
209cc3 |
packet header and packet data by invoking an internal callback.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The IOP continues to listen for additional commands as well as capturing and forwarding data to the SMP.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_setfilter()
|
|
Packit |
209cc3 |
Used to specify a filter program.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP sends a 'set filter' command followed by the BPF commands.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The IOP returns a null terminated error string if it failed to accept the filter.
|
|
Packit |
209cc3 |
If no error occured, then a NULL terminated empty string is returned instead.
|
|
Packit |
209cc3 |
Errors are:
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
"Invalid BPF."
|
|
Packit |
209cc3 |
"Insufficient resources for BPF."
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_stats()
|
|
Packit |
209cc3 |
Fills in a pcap_stat struct with packet statistics.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP sends a message to the IOP requesting its statistics.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The IOP returns the statistics.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP fills in the structure provided with the information retrieved from the IOP.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_close()
|
|
Packit |
209cc3 |
Closes the file and deallocates resources.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The SMP closes the file descriptor, and if the descriptor is that of
|
|
Packit |
209cc3 |
the comminucation session with an IOP, it too is terminated.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
If the IOP detects that its communication session with an SMP
|
|
Packit |
209cc3 |
has closed, it will terminate any monitoring in progress,
|
|
Packit |
209cc3 |
release any resources and close its end of the session.
|
|
Packit |
209cc3 |
It will not maintain persistance of any information or prior mode of operation.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP/IOP Inter-Process Communication Protocol
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Communications between an SMP and an IOP consists of a TCP session
|
|
Packit |
209cc3 |
between an ephemeral port on the SMP and the well known port of 49152
|
|
Packit |
209cc3 |
(which is the first available port in the 'dynamic and/or private port'
|
|
Packit |
209cc3 |
range) on an IOP.
|
|
Packit |
209cc3 |
Following a TCP open operation the IOP receives a null terminated
|
|
Packit |
209cc3 |
'interface ID' string to determine the type of operation that follows:
|
|
Packit |
209cc3 |
Every command received by an IOP implies a 'stop trace/stop forwarding' operation must
|
|
Packit |
209cc3 |
occur before executing the received command.
|
|
Packit |
209cc3 |
A session is closed when the SMP closes the TCP session with the IOP.
|
|
Packit |
209cc3 |
Obviously monitoring and forwarding is also stopped at that time.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Note: All multi-octet entities are sent in network neutral order.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_findalldevs()
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
Open socket (to each IOP), and sends:
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Name/ Purpose
|
|
Packit |
209cc3 |
Size (in bytes)
|
|
Packit |
209cc3 |
Description
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Interface ID
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
A NULL to indicate an empty 'interface ID'.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
Send its (possibly empty) NULL terminated error response string.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
Sends the 'interface query request':
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Name/ Purpose
|
|
Packit |
209cc3 |
Size (in bytes)
|
|
Packit |
209cc3 |
Description
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Interface ID
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
A 'Q' (indicating 'interface query request').
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
The IOP returns a list of sequences of information as
|
|
Packit |
209cc3 |
defined by the return parameter of this function call (as shown in the following table).
|
|
Packit |
209cc3 |
Elements are specified by providing an unsigned byte preceeding the actual data that contains length information.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Notes:
|
|
Packit |
209cc3 |
Name/ Purpose
|
|
Packit |
209cc3 |
Size (in bytes)
|
|
Packit |
209cc3 |
Description
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
length
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
The number of octets in the name field that follows.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Name
|
|
Packit |
209cc3 |
1-255
|
|
Packit |
209cc3 |
The name of the interface. The format of the name is an alphabetic string (indicating
|
|
Packit |
209cc3 |
the type of interface) followed by an optional numeric string (indicating the interface's
|
|
Packit |
209cc3 |
sequence number).
|
|
Packit |
209cc3 |
Sequence numbers (if needed) will begin at zero and progress monotonically upwards.
|
|
Packit |
209cc3 |
(i.e. 'eth0', 'lo', 'wan0', etc.)
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
For an IOP, the alphabetic string will be one of: 'eth', 'wan', and 'lo'
|
|
Packit |
209cc3 |
for Ethernet, WAN ports and the IP loopback device respectively.
|
|
Packit |
209cc3 |
An IOP currently supports: 'eth0', 'eth1', 'lo', 'wan0' ... 'wan7'.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Note: IOPs and ACNs will not currently support the concept of 'any' interface.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
length
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
The number of octets in the interface description field that follows.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Interface Description
|
|
Packit |
209cc3 |
0-255
|
|
Packit |
209cc3 |
A description of the interface or it may be an empty string. (i.e. 'ALC')
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Interface Type
|
|
Packit |
209cc3 |
4
|
|
Packit |
209cc3 |
The type of interface as defined in the description for pcap_datalink() (in network neutral order).
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Loopback Flag
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
1 = if the interface is a loopback interface, zero = otherwise.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
count
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
# of address entries that follow.
|
|
Packit |
209cc3 |
Each entry is a series of bytes in network neutral order.
|
|
Packit |
209cc3 |
See the parameter definition above for more details.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Repeated 'count' number of times.
|
|
Packit |
209cc3 |
length
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
The number of octets in the address field that follows.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Address
|
|
Packit |
209cc3 |
1-255
|
|
Packit |
209cc3 |
The address of this interface (in network neutral order).
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
length
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
The number of octets in the netmask field that follows.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Network Mask
|
|
Packit |
209cc3 |
0-255
|
|
Packit |
209cc3 |
The network mask used on this interface (if applicable) (in network neutral order).
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
length
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
The number of octets in the broadcast address field that follows.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Broadcast Address
|
|
Packit |
209cc3 |
0-255
|
|
Packit |
209cc3 |
The broadcast address of this interface (if applicable) (in network neutral order).
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
length
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
The number of octets in the destination address field that follows.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Destination Address
|
|
Packit |
209cc3 |
0-255
|
|
Packit |
209cc3 |
The destination address of this interface (if applicable) (in network neutral order).
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
Close the socket.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
Close the socket.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_open_live()
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
Open socket, and sends:
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Name/ Purpose
|
|
Packit |
209cc3 |
Size (in bytes)
|
|
Packit |
209cc3 |
Description
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Interface ID
|
|
Packit |
209cc3 |
'n'
|
|
Packit |
209cc3 |
'n' octets containing a NULL terminated interface name string.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
Send its NULL terminated error response string.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_dispatch() pcap_loop() pcap_next() pcap_next_ex()
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
On the first invocation following a pcap_open_live() or pcap_breakloop() additional information is sent:
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Name/ Purpose
|
|
Packit |
209cc3 |
Size (in bytes)
|
|
Packit |
209cc3 |
Description
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
command
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
'M' (indicating 'monitor start')
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
snaplen
|
|
Packit |
209cc3 |
4
|
|
Packit |
209cc3 |
snaplen
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
timeout
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
timeout value (in milliseconds)
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
promiscuous
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
A flag indicating that the interface being monitored show operate
|
|
Packit |
209cc3 |
in promiscuous mode. [off(0) / on(NZ)]
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
direction
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
A flag indicating the direction of traffic that should be captuted [both(0) / in(1) / out(2)]
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
Sends captured packets.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_setfilter()
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
At any time, the SMP can issue a set filter command which contains
|
|
Packit |
209cc3 |
an indicator, a count of the number of statements in the filter,
|
|
Packit |
209cc3 |
followed by the sequence of filter commands represented as a sequence
|
|
Packit |
209cc3 |
of C-style structures.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Name/ Purpose
|
|
Packit |
209cc3 |
Size (in bytes)
|
|
Packit |
209cc3 |
Description
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
command
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
'F' (indicating 'filter')
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
count
|
|
Packit |
209cc3 |
4
|
|
Packit |
209cc3 |
The number of command in the Berkeley Packet Filter that follow.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
BPF program
|
|
Packit |
209cc3 |
'n'
|
|
Packit |
209cc3 |
8 bytes of each command (repeated 'n' times).
|
|
Packit |
209cc3 |
Each command consists of that C-style structure which contains:
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Name/ Purpose
|
|
Packit |
209cc3 |
Size (in bytes)
|
|
Packit |
209cc3 |
Description
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
opcode
|
|
Packit |
209cc3 |
2
|
|
Packit |
209cc3 |
The command's opcode.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
'jt'
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
The 'jump if true' program counter offset.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
'jf'
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
The 'jump if false' program counter offset.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
'k'
|
|
Packit |
209cc3 |
4
|
|
Packit |
209cc3 |
The 'other' data field.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Refer to the bpf(4) man page for more details.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
In return the IOP will send its (possibly empty) NULL terminated error response string.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_stats()
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
At any time, the SMP can issue a 'retrieve statistics' command which contains:
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Name/ Purpose
|
|
Packit |
209cc3 |
Size (in bytes)
|
|
Packit |
209cc3 |
Description
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
command
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
'S' (indicating 'request statistics')
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
IOP -> SMP
|
|
Packit |
209cc3 |
In return the IOP will send:
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Name/ Purpose
|
|
Packit |
209cc3 |
Size (in bytes)
|
|
Packit |
209cc3 |
Description
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
ps_recv
|
|
Packit |
209cc3 |
4
|
|
Packit |
209cc3 |
The number of packets that passed the filter.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
ps_drop
|
|
Packit |
209cc3 |
4
|
|
Packit |
209cc3 |
The number of packets that were dropped because the input queue was full,
|
|
Packit |
209cc3 |
regardless of whether they passed the filter.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
ps_ifdrop
|
|
Packit |
209cc3 |
4
|
|
Packit |
209cc3 |
The number of packets dropped by the network inteface
|
|
Packit |
209cc3 |
(regardless of whether they would have passed the input filter).
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
pcap_close()
|
|
Packit |
209cc3 |
SMP -> IOP
|
|
Packit |
209cc3 |
At any time, the SMP can close the TCP session with the IOP.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Interface ID Naming Convention
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Each interface within an IOP will be referred to uniquely. Since an currently contains
|
|
Packit |
209cc3 |
8 monitorable WAN ports and a monitorable Ethernet port, the naming convention is:
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
<CENTER>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Interface # Type Name
|
|
Packit |
209cc3 |
1 WAN wan0
|
|
Packit |
209cc3 |
2 WAN wan1
|
|
Packit |
209cc3 |
3 WAN wan2
|
|
Packit |
209cc3 |
4 WAN wan3
|
|
Packit |
209cc3 |
5 WAN wan4
|
|
Packit |
209cc3 |
6 WAN wan5
|
|
Packit |
209cc3 |
7 WAN wan6
|
|
Packit |
209cc3 |
8 WAN wan7
|
|
Packit |
209cc3 |
9 Ethernet eth0
|
|
Packit |
209cc3 |
10 Ethernet eth1
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
</CENTER>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Packet Trace Data Format
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The format of the trace data that is sent to the SMP follows a portion of the libpcap file format
|
|
Packit |
209cc3 |
and is summarized here. This format specifies the generic requirements needed to
|
|
Packit |
209cc3 |
be able to decode packets, but does not cover ACN specifics such as custom MAC addressing
|
|
Packit |
209cc3 |
and WAN protocol support.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Although a libpcap file begins with a global header followed by zero or
|
|
Packit |
209cc3 |
more records for each captured packet, trace data sent to the SMP does NOT begin with a global header.
|
|
Packit |
209cc3 |
A trace sequence looks like this:
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
[Packet Header]
|
|
Packit |
209cc3 |
[Packet Data]
|
|
Packit |
209cc3 |
[Packet Header]
|
|
Packit |
209cc3 |
[Packet Data]
|
|
Packit |
209cc3 |
[Packet Header]
|
|
Packit |
209cc3 |
[Packet Data]
|
|
Packit |
209cc3 |
...
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Packet Header
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Each captured packet starts with a header that contains the following values
|
|
Packit |
209cc3 |
(in network neutral order):
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
<FONT SIZE=-1>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
uint32 tv_sec; /* timestamp seconds */
|
|
Packit |
209cc3 |
uint32 tv_usec; /* timestamp microseconds */
|
|
Packit |
209cc3 |
uint32 caplen; /* number of octets in the following packet */
|
|
Packit |
209cc3 |
uint32 len; /* original length of packet on the wire */
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
</FONT>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
tv_sec
|
|
Packit |
209cc3 |
The date and time when this packet was captured.
|
|
Packit |
209cc3 |
This value is in seconds since January 1, 1970 00:00:00 GMT;
|
|
Packit |
209cc3 |
this is also known as a UN*X time_t. You can use the ANSI C
|
|
Packit |
209cc3 |
time() function from time.h to get this value,
|
|
Packit |
209cc3 |
but you might use a more optimized way to get this timestamp value.
|
|
Packit |
209cc3 |
If this timestamp isn't based on GMT (UTC), use thiszone
|
|
Packit |
209cc3 |
from the global header for adjustments.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
tv_usec
|
|
Packit |
209cc3 |
The microseconds when this packet was captured, as an offset to ts_sec.
|
|
Packit |
209cc3 |
Beware: this value must never reach 1 second (1,000,000),
|
|
Packit |
209cc3 |
in this case ts_sec must be increased instead!
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
caplen
|
|
Packit |
209cc3 |
The number of bytes actually provided in the capture record.
|
|
Packit |
209cc3 |
This value should never become larger than len or the
|
|
Packit |
209cc3 |
snaplen value specified during the capture.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
len
|
|
Packit |
209cc3 |
The length of the packet "on the wire" when it was captured.
|
|
Packit |
209cc3 |
If caplen and len differ, the actually
|
|
Packit |
209cc3 |
saved packet size was limited by the value of snaplen specified
|
|
Packit |
209cc3 |
during one of the capture directives such as pcap_dispatch().
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Packet Data
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
The actual packet data will immediately follow the packet header as a sequence of caplen octets.
|
|
Packit |
209cc3 |
Depending on the DLT encoding number assigned to the interface, the packet data will contain an additional
|
|
Packit |
209cc3 |
custom header used to convey WAN port related information.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
ACN Custom Packet Header
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
PCAP, Wireshark and Tcpdump enhancements have been added to the ACN to support
|
|
Packit |
209cc3 |
monitoring of its ports, however each of these facilities were focused on capturing
|
|
Packit |
209cc3 |
and displaying traffic from LAN interfaces. The SITA extentions to these facilities
|
|
Packit |
209cc3 |
are used to also provide the ability to capture, filter, and display information from
|
|
Packit |
209cc3 |
an ACN's WAN ports.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Although each packet follows the standard libpcap format, since there are
|
|
Packit |
209cc3 |
two types of interfaces that can be monitored, the format of the data
|
|
Packit |
209cc3 |
packet varies slightly.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
For Ethernet (like) devices, the packet format is unchanged from the standard Pcap format.
|
|
Packit |
209cc3 |
For WAN devices, the packet contains a 5 byte header that preceeds the actual captured data
|
|
Packit |
209cc3 |
described by the following table:
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
<CENTER>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Octet
|
|
Packit |
209cc3 |
Name
|
|
Packit |
209cc3 |
Mask/Value
|
|
Packit |
209cc3 |
Definition
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
0
|
|
Packit |
209cc3 |
Control / Status
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxxxxx0</FONT>
|
|
Packit |
209cc3 |
Transmitted by capture device
|
|
Packit |
209cc3 |
(see 'Errors' octets)
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxxxxx1</FONT>
|
|
Packit |
209cc3 |
Received by capture device
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">1xxxxxxx</FONT>
|
|
Packit |
209cc3 |
No buffer was available during capture of previous packet.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
1
|
|
Packit |
209cc3 |
Signals
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxxxxx1</FONT> DSR asserted
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxxxx1x</FONT> DTR asserted
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxxx1xx</FONT> CTS asserted
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxx1xxx</FONT> RTS asserted
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxx1xxxx</FONT> DCD asserted
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xx1xxxxx</FONT> Undefined
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">x1xxxxxx</FONT> Undefined
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">1xxxxxxx</FONT> Undefined
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
2
|
|
Packit |
209cc3 |
Errors (octet 1)
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Tx Rx
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxxxxx1</FONT> Underrun Framing
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxxxx1x</FONT> CTS Lost Parity
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxxx1xx</FONT> UART Error Collision
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxx1xxx</FONT> Re-Tx Limit Reached Long Frame
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxx1xxxx</FONT> Undefined Short Frame
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xx1xxxxx</FONT> Undefined Undefined
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">x1xxxxxx</FONT> Undefined Undefined
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">1xxxxxxx</FONT> Undefined Undefined
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
3
|
|
Packit |
209cc3 |
Errors (octet 2)
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Tx Rx
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxxxxx1</FONT> Undefined Non-Octet Aligned
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxxxx1x</FONT> Undefined Abort Received
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxxx1xx</FONT> Undefined CD Lost
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxxx1xxx</FONT> Undefined Digital PLL Error
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xxx1xxxx</FONT> Undefined Overrun
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">xx1xxxxx</FONT> Undefined Frame Length Violation
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">x1xxxxxx</FONT> Undefined CRC Error
|
|
Packit |
209cc3 |
<FONT FACE="COURIER">1xxxxxxx</FONT> Undefined Break Received
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
4
|
|
Packit |
209cc3 |
Protocol
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
<CENTER>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
0x01 - LAPB (BOP) <SUP> </SUP>
|
|
Packit |
209cc3 |
0x02 - Ethernet <SUP>1</SUP>
|
|
Packit |
209cc3 |
0x03 - Async (Interrupt IO) <SUP> </SUP>
|
|
Packit |
209cc3 |
0x04 - Async (Block IO) <SUP> </SUP>
|
|
Packit |
209cc3 |
0x05 - IPARS <SUP> </SUP>
|
|
Packit |
209cc3 |
0x06 - UTS <SUP> </SUP>
|
|
Packit |
209cc3 |
0x07 - PPP (HDLC) <SUP> </SUP>
|
|
Packit |
209cc3 |
0x08 - SDLC <SUP> </SUP>
|
|
Packit |
209cc3 |
0x09 - Token Ring <SUP>1</SUP>
|
|
Packit |
209cc3 |
0x10 - I2C <SUP> </SUP>
|
|
Packit |
209cc3 |
0x11 - DPM Link <SUP> </SUP>
|
|
Packit |
209cc3 |
0x12 - Frame Relay (BOP) <SUP> </SUP>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
</CENTER>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
Note 1:
|
|
Packit |
209cc3 |
Ethernet and Token Ring frames will never be sent as DLT_SITA (with the 5 octet header),
|
|
Packit |
209cc3 |
but will be sent as their corresponding DLT types instead.
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
</CENTER>
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|
|
Packit |
209cc3 |
|