Hi,
I think you should use a DLT
value of:
#define DLT_MTP2 140 /*
MTP2, without pseudo-header */
#define DLT_MTP3 141 /*
MTP3, without pseudo-header or MTP2 */
And possibly a
#define WTAP_ENCAP_MTP2 42
#define WTAP_ENCAP_MTP3 43
BR
Anders
-----Ursprungligt meddelande-----
Från:
wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] För Keith Fleming
Skickat: den 4 oktober 2006 17:06
Till: wireshark-users@xxxxxxxxxxxxx
Ämne: [Wireshark-users] Question
about parsing raw MTP3
I have taken some raw SS7
MTP3 data from our application and have converted it to pcap format. Wireshark
is able to pull this file in, but it is looking at it as if it was Ethernet. It
is expecting the first six octets to be the MAC address, etc. It is MTP3 data,
starting with the SIO octet, then the two 24 bit point codes, then the SLS,
etc.
Is it possible to tell
wireshark, “interpret this as MTP3 and don’t worry about there not
being any link-level (or lower) data”
I’m thinking there
has to be a way of short circuiting the lower layer dissectors. Any help is
appreciated. Thanks in advance.
The information contained in this message may be confidential to Kodiak
Networks, Inc. and its subsidiaries and protected from disclosure. If this
message did not reach the intended recipient, or an employee or agent
responsible for delivering it to the intended recipient, you are hereby
informed that any distribution or copying of this communication is prohibited.
If you have received this communication in error, please notify us immediately
by replying to the sender of the message and then delete the message. Thank
you.
