[Winpcap-users] Pcap_list_datalinks return bad number of links.
Steve Beaudoin
steve.a.beaudoin at gmail.com
Fri Aug 25 16:26:31 GMT 2006
Thank you for the precisions.
-----Original Message-----
From: winpcap-users-bounces at winpcap.org
[mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Guy Harris
Sent: August 24, 2006 21:29
To: winpcap-users at winpcap.org
Subject: Re: [Winpcap-users] Pcap_list_datalinks return bad number of links.
On Aug 24, 2006, at 3:11 PM, Steve Beaudoin wrote:
> You are absolutely right. The received array was the wrong item of
> the two. Following your suggestion, I changed my ref int[] for a
> ref IntPtr and I now receive two items, the other one is DOCSIS
> (Data Over Cable Service Interface Specifications,
http://en.wikipedia.org/wiki/DOCSIS
> for those interested) as I have a cable modem.
No, the other one is DOCSIS because
1) you have an Ethernet (or something that claims to be an Ethernet)
and
2) Cisco has a device, the Cisco Cable Modem Termination System:
http://www.cisco.com/en/US/tech/tk86/tk804/tsd_technology_support_protocol_h
ome.html
that can be configured to take raw DOCSIS frames and transmit
them
on an Ethernet (using only the low-level Ethernet framing and *no*
encapsulation, so the first byte of the Ethernet frame is the first
byte of the DOCSIS frame, *NOT* the first byte of an Ethernet
destination MAC address):
http://www.cisco.com/univercd/cc/td/doc/product/cable/cab_rout/cmtsfg/ufg_cm
on.htm#wp1031861
so that a network analyzer can capture and process them.
Wireshark is one analyzer that can process DOCSIS frames; if you're
plugged into an "Ethernet" that's connected to a Cisco CMTS, and the
CMTS is putting DOCSIS frames on the Ethernet, you'd capture with the
link-layer type set to DOCSIS, which would cause the device to appear
to have a link-layer type of DOCSIS and thus cause Wireshark to
analyzer the frames as DOCSIS frames.
Unless your cable modem has a similar capability, or you have some
device that can capture on the cable side of the cable modem, you
won't be able to see DOCSIS frames.
_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list