Wireshark-bugs: [Wireshark-bugs] [Bug 2509] SCCP dissector - assoc->calling_ssn or assoc-> calle
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2509
--- Comment #6 from João Fonseca <j.pedro.fonseca@xxxxxxxxxxxxxxx> 2008-04-30 03:49:56 GMT ---
Here are the hex dumps of two packets where the problem shows up:
Packet 1:
0000 83 08 01 9a 30 09 00 03 05 07 02 42 01 02 42 01 ....0... ...B..B.
0010 05 01 8e 60 03 00 8e 60 88 00 00 75 00 00 00 00 ...`...` ...u....
0020 00 00 00 00 00 00 00 00 00 00 00 1c 4d 53 ba 91 ........ ....MS..
Packet 2:
0000 83 68 02 42 00 01 00 00 00 02 02 06 04 43 68 02 .h.B.... .....Ch.
0010 8e 0f 4e 00 13 40 4a 00 00 06 00 03 40 01 00 00 ..N..@J. ....@...
0020 0f 40 06 00 09 f1 11 2c 11 00 3a 40 08 00 09 f1 .@....., ..:@....
0030 11 2c 11 01 de 00 10 40 18 17 05 08 61 09 f1 11 .,.....@ ....a...
0040 2c 11 4f 08 99 10 11 12 21 01 41 82 33 03 4f 08 ,.O..... !.A.3.O.
0050 00 00 4f 40 03 00 00 0a 00 56 40 05 09 f1 11 00 ..O@.... .V@.....
0060 0b 11 01 0f 00 00 00 00 c8 00 04 2f 61 09 f1 11 ........ .../a...
0070 2c 11 4f 08 99 10 11 12 21 01 41 82 33 03 4f 08 ,.O..... !.A.3.O.
0080 00 00 4f 40 03 00 00 0a 00 00 00 6c 8d 2c 7c d9 ..O@.... ...l.,|.
These are ATM AAL5 frames, containing both padding and the AAL5 trailer. To
view them on wireshark, you'll probably have to cut them off, keeping only the
data payload (packet 1: 28 bytes, packet 2: 108 bytes).
Also, you have to set some Wireshark preferences:
-ATM: "Dissect LANE as SSCOP"
-SSCOP: "SSCOP Payload Protocol" SSCF-MTP3-b
The second frame shows as RANAP in the packet list, but the packet detail
decodes it as SCCPMG. The SSN is 142, so this is a RANAP frame.
On the original capture file, containing more frames, the second packet shows
as SCCPMG even in the packet list.
Hope this helps.
Thanks,
Joao Fonseca
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.