Wireshark · Wireshark-dev: Re: [Wireshark-dev] Hello to the list and a nested dissector

Wireshark-dev: Re: [Wireshark-dev] Hello to the list and a nested dissector

From: "Anders Broman" <anders.broman@xxxxxxxxxxxx>

Date: Wed, 18 Mar 2009 10:16:59 +0100

Hi,

Perhaps you are better off including the relevant TCAP and ROS ASN1 code in your ASN1 based dissector.

How is the actual application built?

Using a asn1 to target code generator? If so it should be possible to use the same ASN1 files?

Regards

Anders

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Gaetano Vocca
Sent: den 17 mars 2009 23:19
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Hello to the list and a nested dissector

Hi,

my TCAP looks somewhat simpler:

Transaction Capabilities Application Part

begin

Source Transaction ID

Transaction Id: 43000004

Components: 1 item

Item: invoke (1)

........

Data (276 bytes)

so I have neither oid field nor the ACN.

Do you think there is an alternative?

Thank you for your time

Gaetano

On 17/mar/09, at 17:01, Anders Broman wrote:

Hi,

How does the TCAP portion of your packet look?

Example:

Transaction Capabilities Application Part

begin

Source Transaction ID

Transaction Id: 2DB901

oid: 0.0.17.773.1.1.1 (dialogue-as-id)

dialogueRequest

application-context-name: 0.4.0.0.1.0.25.2 (shortMsgMT-RelayContext-v2)

:

In this case the GSM MAP dissector has:

register_ber_oid_dissector_handle("0.4.0.0.1.0.25.2", map_handle, proto_gsm_map,"shortMsgMT-RelayContext-v2" );

Hope this helps.

Regards

Anders

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of yagvoc-web@xxxxxxxx
Sent: den 17 mars 2009 15:24
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Hello to the list and a nested dissector

Hi,

I think I don't have such an identifier (x.y.z.a....). I checked the ASN.1 definition and couldn't find any.

Is there any way to create a "local" one just to link the tcap to this protocol? Then, as far as I understand, I should call register_ber_oid_dissector_handle passing the OID as parameter, right?

Thank you very much and sorry for this stuff that may sound banal

Gaetano

Da: Anders Broman <anders.broman@xxxxxxxxxxxx>
A: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Inviato: Martedì 17 marzo 2009, 10:27:23
Oggetto: Re: [Wireshark-dev] Hello to the list and a nested dissector

Hi,
Look at GSM MAP how it can be done. You have an OID for your protocol,
right?
Just register that OID with a callback and you'll be handed a tvb with
the data.
Regards
Anders

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Gaetano Vocca
Sent: den 16 mars 2009 20:50
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] Hello to the list and a nested dissector

Thank you Anders for your answer.
I have already parsed the asn by means of asn2wrs, I have also developed
the dissection of the header, afterwards I use the call_tcap_dissector
function from the asn1/tcap dissector to have the TCAP layer decoded
and, in the end, I need to decode the TCAP component by means of my ASN1
protocol.
Now what I don't know is how to retrieve the Component content from the
parsed TCAP and pass it to the dissection of the inner protocol.

Thanks again
Gaetano

________________________________________________________________________
___
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev

mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________

Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>

Archives: http://www.wireshark.org/lists/wireshark-dev

Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev

mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Follow-Ups:
- Re: [Wireshark-dev] Hello to the list and a nested dissector
  - From: yagvoc-web

References:
- Re: [Wireshark-dev] Hello to the list and a nested dissector
  - From: Gaetano Vocca
- Re: [Wireshark-dev] Hello to the list and a nested dissector
  - From: Anders Broman
- Re: [Wireshark-dev] Hello to the list and a nested dissector
  - From: yagvoc-web
- Re: [Wireshark-dev] Hello to the list and a nested dissector
  - From: Anders Broman
- Re: [Wireshark-dev] Hello to the list and a nested dissector
  - From: Gaetano Vocca

Prev by Date: Re: [Wireshark-dev] Hello to the list and a nested dissector
Next by Date: Re: [Wireshark-dev] WS 1.1.3 release?
Previous by thread: Re: [Wireshark-dev] Hello to the list and a nested dissector
Next by thread: Re: [Wireshark-dev] Hello to the list and a nested dissector
Index(es):
- Date
- Thread