[pcap-ng-format] Proposing new block type for PCAP-NG (UNCLASSIFIED)
Renard, Kenneth D CIV USARMY ARL (US)
kenneth.d.renard.civ at mail.mil
Thu Mar 26 16:57:52 UTC 2015
Classification: UNCLASSIFIED
Caveats: NONE
Hello all!
I am new to the pcap-ng community and wanted to express my gratitude for the
work you have done with the specification as it can benefit us greatly. I
would like to propose some new ideas for block types and options that would
help us out and hopefully others in the community.
We are primarily interested in instrumenting and analyzing performance of
wireless networks for live and virtual test events. We are considering
pcap-ng as a way to store and share network test data. There are a few
additions that would make pcap-ng very useful to our community:
1. In the Section Header Block, I propose a new option 'shb_host'. This
would be very similar to the existing shb_* fields, but specify the name of
the host that executed the data collection.
    Name:        shb_host
    Code:        5?
    Length:      Variable
    Description: A UTF-8 string containing the name of the host
                 used to create this section.
    Example:     "foo.bar.com", "Sensor XYZ", "Router X, Span port 4"
2. A proposed new block type: "Location Information Block". The purpose
is to provide some idea of where the capture is taking place. This could
be a descriptive location such as "DMZ", "Server Room", or "Starbucks". For
our purposes, it would be a geographic location specified in some format.
Specific formats could be: "Latitude-Longitude-Altitude", "Orientation"
(pitch, yaw, roll), or "XYZ" (meters). This will be helpful in correlating
performance of wireless networks given some location and thus range
information. I propose some specifics here, which I would appreciate some
feedback on. I would like this to be useful beyond just our community.
    Block Name:         Location Information Block
    Block Type:         (4 bytes)
    Block Total Length: (4 bytes)
    InterfaceID:        (4 bytes)
    Timestamp (High):   (4 bytes)
    Timestamp (Low):    (4 bytes)
    Options:            Variable
Multiple Location Information Blocks would be allowed, so there is a need
to put a timestamp on each position record, and we should tie this to a
specific interface mostly so that we can use its timestamp precision.
This would also allow you to have multiple interfaces at different
locations.
The options would be where you store the specific location data.
Proposed option definitions for Location Information Block:
    Option 2: Latitude-Longitude-Altitude (12 bytes):
        Bytes 0-3:  32-bit signed integer
                    Latitude expressed in 10^-6 degrees.
                    Example: 32786026 = 32.786026 degrees
        Bytes 4-7:  32-bit signed integer
                    Longitude expressed in 10^-6 degrees.
                    Example: -96801908 = -96.801908 degrees
        Bytes 8-11: 32-bit signed integer
                    Altitude expressed in meters above mean sea level (MSL)
    Option 3: Orientation (12 bytes):
        Bytes 0-3:  32-bit signed integer
                    Pitch angle expressed in 10^-6 degrees.
                    Example: 45000000 = 45.000000 degrees
        Bytes 4-7:  32-bit signed integer
                    Roll angle expressed in 10^-6 degrees.
                    Example: 115000000 = 115.00 degrees
        Bytes 8-11: 32-bit signed integer
                    Yaw angle expressed in 10^-6 degrees.
                    Example: -500000 = -0.50 degrees
    Option 4: X-Y-Z (12 bytes):
        Bytes 0-3:  32-bit signed integer
                    X-axis distance meters from origin
        Bytes 4-7:  32-bit signed integer
                    Y-axis distance meters from origin
        Bytes 8-11: 32-bit signed integer
                    Z-axis distance meters from origin
    Option 5: Description (Variable)
        UTF-8 string containing some textual description of
        location. (e.g. "DMZ", "Server Room", or "Starbucks")
All integer values would use the endian-ness as defined in the SHB.
I would appreciate any ideas or feedback on these proposed additions. I
plan on implementing some code to generate example data files and possibly
some visualizations of packet traffic.
Thanks!
-Ken Renard
Classification: UNCLASSIFIED
Caveats: NONE
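The following is an added example, not part of the original message or of any pcap-ng implementation: a length-checked decoder for the options area of the proposed Location Information Block. It assumes the standard pcap-ng option layout (16-bit code, 16-bit length, value padded to 32 bits, code 0 as terminator); the function names and the altitude value of 150 in the sample are hypothetical.

```python
import struct

# Codes 2-5 are the proposed options; 0 is the standard pcap-ng opt_endofopt.
OPT_END, OPT_LLA, OPT_ORIENT, OPT_XYZ, OPT_DESC = 0, 2, 3, 4, 5


def encode_option(code, value, endian="<"):
    """Build one option: code, length, value, zero padding to 32 bits."""
    pad = -len(value) % 4
    return struct.pack(endian + "HH", code, len(value)) + value + b"\x00" * pad


def parse_location_options(buf, endian="<"):
    """Decode options; endian is "<" or ">" as given by the SHB byte-order magic.
    Raises ValueError on truncated or mis-sized options rather than over-reading."""
    out, off = {}, 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from(endian + "HH", buf, off)
        off += 4
        if code == OPT_END:
            break
        padded = length + (-length % 4)
        if padded > len(buf) - off:
            raise ValueError("option %d length %d exceeds block" % (code, length))
        value = buf[off:off + length]
        off += padded
        if code in (OPT_LLA, OPT_ORIENT, OPT_XYZ):
            if length != 12:
                raise ValueError("option %d must be 12 bytes, got %d" % (code, length))
            a, b, c = struct.unpack(endian + "iii", value)
            if code == OPT_XYZ:
                out["xyz"] = (a, b, c)  # meters from origin
            elif code == OPT_LLA:
                out["lat_lon_alt"] = (a / 1e6, b / 1e6, c)  # degrees, degrees, meters MSL
            else:
                out["orientation"] = (a / 1e6, b / 1e6, c / 1e6)  # pitch, roll, yaw
        elif code == OPT_DESC:
            out["description"] = value.decode("utf-8", errors="replace")
        # any other code (e.g. opt_comment) is skipped using its declared length
    return out


# Constructed sample: the latitude/longitude example values from the message.
SAMPLE = (encode_option(OPT_LLA, struct.pack("<iii", 32786026, -96801908, 150))
          + encode_option(OPT_DESC, b"DMZ") + encode_option(OPT_END, b""))
```

Checking the 12-byte size and the padded length against the remaining buffer keeps a malformed capture file from driving the reader past the end of the block.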