Guy Harris wrote: > On Oct 31, 2010, at 12:29 AM, Martin Vidner wrote: >> please allocate a new network type for libpcap dump files, as >> described in >> http://wiki.wireshark.org/Development/LibpcapFileFormat#Global_Header >> . >> It is for dumping traffic on D-Bus, >> http://en.wikipedia.org/wiki/D-Bus >> , and the packets would contain raw D-Bus messages: >> http://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-messages > > I.e., starting with the endianness flag, followed by the message > type, etc.?
Yes. That also means that the authentication handshake before the message sequence is excluded. http://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol (sorry for the delay, I forgot to subscribe and missed the reply) Martin Vidner - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
