praveen.jha wrote:
> Is the dissection of NAS PDUs contained in RRC messages supported in
> release 1.0 of wireshark?
Hi Praveen,
yes, this is supported. Currently the RRC decoder uses DL-DCCH-Message
as its entry point for the RRC protocol. You therefore have to find
a way to also enable decoding for the other RRC message types. In a
Lua-enabled Wireshark the following (used with a small shell script
which adds the corresponding message type and text2pcap -l 148)
works quite well for me:
rrcmon_proto = Proto("rrcmon","rrcmon","rrcmon Protocol")
function rrcmon_proto.dissector(buffer,pinfo,tree)
local rrc_dl_dcch_dissector = Dissector.get("rrc.dl.dcch")
local rrc_ul_dcch_dissector = Dissector.get("rrc.ul.dcch")
local rrc_dl_ccch_dissector = Dissector.get("rrc.dl.ccch")
local rrc_ul_ccch_dissector = Dissector.get("rrc.ul.ccch")
local type = buffer(0,1):uint()
local payload = buffer(1):tvb()
if (type == 2) then
pinfo.cols.protocol = "RRC DL-DCCH"
rrc_dl_dcch_dissector:call(payload,pinfo,tree)
elseif (type == 3) then
pinfo.cols.protocol = "RRC UL-DCCH"
rrc_ul_dcch_dissector:call(payload,pinfo,tree)
elseif (type == 4) then
pinfo.cols.protocol = "RRC DL-CCCH"
rrc_dl_ccch_dissector:call(payload,pinfo,tree)
elseif (type == 5) then
pinfo.cols.protocol = "RRC UL-CCCH"
rrc_ul_ccch_dissector:call(payload,pinfo,tree)
end
end
do
local wtap_encap_table = DissectorTable.get("wtap_encap")
wtap_encap_table:add(wtap.USER1, rrcmon_proto)
end
Regards,
Reinhard
