Ask Your Question
0

Inability to Display "Link Down" Information in Wireshark for BLF Ethernet Data

asked 2023-08-08 05:36:22 +0000

zhaoxian gravatar image

I have noticed that when analyzing BLF (Binary Logging Format) records containing Ethernet data in Wireshark, the "Link Down" information is not displayed. However, I am able to view this information in CANoe. This limitation in Wireshark hinders the ability to fully analyze and interpret the captured Ethernet data. Is it possible to provide support or guidance on how to enable the display of "Link Down" information in Wireshark when analyzing BLF records containing Ethernet data?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-08-08 06:45:00 +0000

Guy Harris gravatar image

Is it possible to provide support or guidance on how to enable the display of "Link Down" information in Wireshark when analyzing BLF records containing Ethernet data?

In order to enable that display, you would have to:

  1. Modify the API of Wireshark's libwiretap library so that it has a mechanism by which a read from a file can return a record/block that represents a change in the status of a link on which the capture is being done.
  2. Modify the BLF reader code in that library to handle whatever type of objects contain indications of the link status changing (KLineStatusEvents, or whatever the right thing to call them is?) by returning them using that mechanism.
  3. Modifying Wireshark's libwireshark library so that it can handle that new record/block type by displaying the change to the line status.
  4. Compiling the modified version of Wireshark and using that version.

Or request that somebody else do that - for example, by making an enhancement request on the Wireshark issues list.

That's the only way to enable it; it's not as if there's an option that you need to turn on in order for it to work (that would make no sense - if Wireshark could do that, it should not require the user to turn on an option in order for it to work), the problem is that there's no code in Wireshark to do that.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-08-08 05:36:22 +0000

Seen: 362 times

Last updated: Aug 08 '23