Wireshark-dev: Re: [Wireshark-dev] gsm_map dissector question
From: "Anders Broman \(AL/EAB\)" <anders.broman@xxxxxxxxxxxx>
Date: Mon, 26 Mar 2007 10:50:11 +0200
Hi,
If you could supply a sample trace we could see what can be done.
Best regards
Anders

________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Abhik Sarkar
Sent: Mon 3/26/2007 9:49 AM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] gsm_map dissector question



Hi List,

I have been capturing and decoding some live traffic on a GSM network,
and find a problem in decoding of GSM MAP operations.

The GSM MAP dissector is currently based on 3GPP TS 29.002 v7.5.0.
This leads to incorrect decoding of packets which are working on lower
MAP versions. For example, a MAP v2 ShortMsgMT-Relay gets decoded as
MAP v3 ShortMsgMO-Relay (because the opcodes are same). This leads to
all kinds of warnings, and sometimes incorrect decoding.

I don't suppose there is a (simple) way around this, is there? I guess
a complex (and resource hungry) method would be for the TCAP dissector
to follow dialogs and then pass the application context information to
the MAP dissector for MAP to interpret the operation based on the
application context in addition to the op-code.

I am sorry if this has already been discussed, I searched the
archives, but could not find anything relevant... perhaps I didn't use
the correct search string.

Thanks,
Abhik.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev


<<winmail.dat>>