Ethereal-dev: Re: [Ethereal-dev] how to decode BER encoded ASN.1 messages over TCP?
Alexander W. Janssen wrote:
On Sun, Feb 15, 2004 at 05:27:36PM +0100, Matthijs Melchior wrote:
Hello Matthijs,
The ethereal ASN.1 dissector uses a type-table to describe the ASN.1 types
and values. This type-table is generated by 'snacc', a free ASN.1 compiler
suite, and in the configuration pane for the dissector you point it to such
a .tt file and mention the name of the top-level PDU and the port where
to expect these messages in a data stream.
Yes, i allready figured that out and used snacc to create the table-type. It
worked as expected. Good job! This is very handy for me :)
I just got one problem, sometimes it seems not to dissect the whole PDU; it
just shows "short frame" and the data seems to be crippled. I thought this was
due to fragments in the first place, but in none of the TCP packets the
more-fragments flag was set.
However, i think that the testdata i have is recorded with a too short
snaplength (tcpdump -s 94 is the default on that flavour of UNIX...). I will
first try and get complete test-data.
Yes, and make sure you have all the defragmenting and desegmenting options
switched on, so the dissector can construct complete asn1 messages.
Btw, is there a possibilty to filter for certain aspects? Something like
asn1.somemsg.someoption.parameter == something?
Yes, all the field names are entered in the display filter expression
dialogue
and you can select on their value. Furthermore, all types are entered too,
named like "asn1.--.Xyzzy" where you can select on their presence.
If any message in an IP packet matched, that packet is selected.
The source file for this dissector, plugins/asn1/packet-asn1.c in the
ethereal tree, contains some more documentation.
Will have a look. Any plans for PER/XER et al. decoding? Not that any of our
protocols use it, but who knows, our R&D changed slowly to a java-monkey
department... *shiver*
Yes, have been thinking about it, but it is very complex and not much time
at the moment...
Anyway, thank you for this very fine plugin! It's a blessing for people who
have to deal with all the ITU-T stuff.
Cheers, Alex.
Thanks,
--
Regards,
---------------------------------------------------------------- -o)
Matthijs Melchior Maarssen /\\
mmelchior@xxxxxxxxx Netherlands _\_v
---------------------------------------------------------------- ----