[Winpcap-users] Using DLT_USERx link type for unknown protocol

c-keel at gmx.de c-keel at gmx.de
Mon Jun 4 17:49:21 GMT 2007


I am using Windows XP and WinPcap 4.0. 

I want to use a protocol analyzer to analyze a protocol that WinPcap is not
able to capture. Because of that I want to adapt the WinPcap libraries to
fit my needs. I'd like to do this with as less effort as possible. I want to
use the DLT_USER0 for my protocol. The protocol defines layer 1 and 2 of the
OSI model and as already mentioned, WinPcap has no idea of it by now.

The problem is that I have to tell wpcap.dll that the link type of my
protocol is DLT_USER0. I thought I could do that in PacketGetNetType of the

But there are 2 problems with that: 
- I can't set DLT_USER0 in PacketGetNetType (am I already wrong here?) 
- even if I could do this, unfortunately pcap_open_live from wpcap.dll calls
this function and after calling this function it checks the link type with
the effect that the unknown DLT_USER0 would be assumed to be ethernet (But
my protocol is neither ethernet nor ethernet based).

So what is the purpose of the DLT_USERx link types and how should one use
them? And what about the various other link type values defined in
pcap-bpf.h? How are they assigned? 

I'd like to tell the application that it is DLT_USER0. I'd like to do that
by only changing the packet.dll because there are some changes I have to
make in it.

I'd appreciate any help on that. 


More information about the Winpcap-users mailing list