Wireshark-bugs: [Wireshark-bugs] [Bug 5965] New: Wrong decode SCCP Unitdata message
Date: Fri, 27 May 2011 09:30:12 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5965 Summary: Wrong decode SCCP Unitdata message Product: Wireshark Version: 1.4.6 Platform: Other OS/Version: All Status: NEW Severity: Major Priority: Low Component: Wireshark AssignedTo: wireshark-bugs@xxxxxxxxxxxxx ReportedBy: evgenij.fokin@xxxxxxxxx Created an attachment (id=6414) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6414) SCCP UDT Build Information: Builded from wireshark-1.4.6.tar.bz2 The Wireshark package has been configured with the following options. Build wireshark : yes Build tshark : yes Build capinfos : yes Build editcap : yes Build dumpcap : yes Build mergecap : yes Build text2pcap : yes Build idl2wrs : yes Build randpkt : yes Build dftest : yes Build rawshark : yes Install dumpcap with capabilities : no Install dumpcap setuid : no Use dumpcap group : (none) Use plugins : yes Use lua library : no Use python binding : no Build rtp_player : no Use threads : no Build profile binaries : no Use pcap library : yes Use zlib library : yes Use pcre library : no (using GRegex instead) Use kerberos library : yes (MIT) Use c-ares library : no Use GNU ADNS library : no Use SMI MIB library : no Use GNU crypto library : yes Use SSL crypto library : no Use IPv6 name resolution : yes Use gnutls library : yes Use POSIX capabilities library : no Use GeoIP library : no -- Please look at "Pointer to first Mandatory Variable parameter". The address 0x63, the value 0x03. Q.713 page5 says: Coding of the pointers The pointer value (in binary) gives the number of octets between the most significant octet of the pointer itself (included) and the first octet (not included) of the parameter associated with that pointer2... It's mean than the first Mandatory Variable parameter starts from the address 0x66 the value 0x0d. But the wireshark decodes the first Mandatory Variable parameter from address 0x67 the value 0x11. Address 0x66 is ignored. Here is print of the package: Frame 1: 180 bytes on wire (1440 bits), 180 bytes captured (1440 bits) Linux cooked capture Internet Protocol, Src: 192.168.17.71 (192.168.17.71), Dst: 192.168.17.71 (192.168.17.71) Stream Control Transmission Protocol, Src Port: 2906 (2906), Dst Port: m3ua (2905) MTP 3 User Adaptation Layer Signalling Connection Control Part Message Type: Unitdata (0x09) .... 0000 = Class: 0x00 0000 .... = Message handling: No special options (0x00) Pointer to first Mandatory Variable parameter: 3 Pointer to second Mandatory Variable parameter: 16 Pointer to third Mandatory Variable parameter: 23 Called Party address (13 bytes) Address Indicator ..00 0000 0001 1101 = PC: 29 Global Title 0x4 (10 bytes) Calling Party address (7 bytes) Data (53 bytes) 0000 08 85 b0 b3 b8 22 9e bf e8 42 47 b3 b0 60 ab b3 ....."...BG..`.. 0010 70 4a 91 b3 d8 22 9e bf 3b 4d 65 73 73 61 67 65 pJ..."..;Message 0020 20 66 72 6f 6d 20 35 34 30 50 63 20 74 6f 20 35 from 540Pc to 5 0030 34 31 50 43 20 41PC -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
- Follow-Ups:
- [Wireshark-bugs] [Bug 5965] Wrong decode SCCP Unitdata message
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 5965] Wrong decode SCCP Unitdata message
- Prev by Date: [Wireshark-bugs] [Bug 5964] Integrate WiMax Protocol dissectors with GSMTAP
- Next by Date: [Wireshark-bugs] [Bug 5965] Wrong decode SCCP Unitdata message
- Previous by thread: [Wireshark-bugs] [Bug 5964] Integrate WiMax Protocol dissectors with GSMTAP
- Next by thread: [Wireshark-bugs] [Bug 5965] Wrong decode SCCP Unitdata message
- Index(es):