
pcap: network type 285 unknown or unsupported - Unable to open Marvell DSA tagged pcap file

asked 2024-03-15 09:46:18 +0000

Mo

I'm trying to read a tcpdump capture that contains DSA tagged traffic from a Marvell Switch.

When I try to open the file in Wireshark, I get:

The file "eth0_mwe.pcap" contains record data that Wireshark doesn't support.
(pcap: network type 285 unknown or unsupported)

Do I assume correctly that Wireshark does not support network type 285, as hinted by this answer?

Still, I'm interested:

  • Is there any plan for support? Didn't find anything in the Development/Roadmap section
  • Is there any cheap workaround? For example, it seems to me that one could write a Lua dissector for this, but I only skimmed their docs.

Right now I'm just displaying the packets with tcpdump on the command line, so it's not really a critical issue for me.


1 Answer


answered 2024-03-16 00:14:23 +0000

Guy Harris

> Do I assume correctly that Wireshark does not support network type 285

Yes.

> Is there any plan for support? Didn't find anything in the Development/Roadmap section

The roadmap is just a schedule; most new capabilities in Wireshark, including support for link-layer types, aren't planned, they just arrive if somebody decides to write code for them and submit a merge request.


Comments

epan/dissectors/packet-pcap_pktdata.c has a table that maps number to text description:

    { 284,  "DSA_TAG_DSA" },
    { 285,  "DSA_TAG_EDSA" },

Could/should the description be included in the error message?

Chuckc ( 2024-03-16 02:03:23 +0000 )

> Could/should the description be included in the error message?

Not all programs that use libpcap include dissectors; editcap, for example, doesn't.

Guy Harris ( 2024-03-16 02:13:37 +0000 )

Is this "according to Hoyle"? Could the table be moved from the .c to a .h?

editcap.c:

    #include "epan/etypes.h"
    #include "epan/dissectors/packet-ieee80211-radiotap-defs.h"

Chuckc ( 2024-03-16 02:34:06 +0000 )

> Could the table be moved from the .c to a .h?

Or either to libwireshark or libwsutil.

Guy Harris ( 2024-03-16 06:40:51 +0000 )

Thanks for the answer. @Chuckc Good idea. One reason for this question was that others can find the cause of the error more quickly. But as I didn't find any other people wanting to know about this error, I'm not sure if it is worth the effort.

Mo ( 2024-03-16 09:17:02 +0000 )
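
Added example, not part of the thread and not Wireshark's code: a small Python check that reads the classic pcap file header and reports the link-layer type together with its description, in the spirit of the comment discussion above. The function names and the `supported` parameter are hypothetical, the name table holds only the two entries quoted in the thread plus Ethernet, and the sample header is constructed.

```python
import struct

# 284/285 are the entries quoted in the thread; 1 (Ethernet) is for contrast.
LINKTYPE_NAMES = {1: "ETHERNET", 284: "DSA_TAG_DSA", 285: "DSA_TAG_EDSA"}

# On-disk magic bytes -> (struct byte order, timestamp resolution)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microseconds"),
    b"\xa1\xb2\xc3\xd4": (">", "microseconds"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanoseconds"),
    b"\xa1\xb2\x3c\x4d": (">", "nanoseconds"),
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type


def describe_pcap_header(data):
    """Parse the 24-byte classic pcap file header from the start of `data`."""
    magic = data[:4]
    if magic == PCAPNG_MAGIC:
        raise ValueError("pcapng: link type is stored per interface, not in a file header")
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (unknown magic)")
    if len(data) < 24:
        raise ValueError("truncated pcap file header")
    order, resolution = MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", data[4:24])
    linktype = network & 0xFFFF  # upper bits of this field can carry FCS information
    return {"version": (major, minor), "resolution": resolution, "snaplen": snaplen,
            "linktype": linktype,
            "name": LINKTYPE_NAMES.get(linktype, "no description in this table")}


def unsupported_message(filename, data, supported=(1,)):
    """Return an error line naming the link type, or None if it is in `supported`."""
    info = describe_pcap_header(data)
    if info["linktype"] in supported:
        return None
    return 'The file "%s": network type %d (%s) unknown or unsupported' % (
        filename, info["linktype"], info["name"])


# Constructed sample: little-endian pcap 2.4 header declaring link type 285.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 285)

if __name__ == "__main__":
    print(describe_pcap_header(SAMPLE))
    print(unsupported_message("eth0_mwe.pcap", SAMPLE))
```

Only the first 24 bytes of a capture are needed, so `open(path, "rb").read(24)` is enough input for either function.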
