Wireshark-users: Re: [Wireshark-users] Problem to decode .rf5 INAP capture
From: "Anders Broman" <anders.broman@xxxxxxxxxxxx>
Date: Thu, 24 Jan 2008 11:49:22 +0100
Hi,
Is what Wireshark version are you using? 0.99.7? Is ssn included in SCCP?
Hav you tried "Edit->preferences->Inap and tied the ssn to INAP?
Regards
Anders


From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Pedro Herbello
Sent: den 24 januari 2008 11:35
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Problem to decode .rf5 INAP capture

Hi all,

I have a problem to decode a .rf5 (K12xx) capture.

I add a new match in the K12 Protocols preferences.

match: d:\k15\stacks\inap\spain01
_inap.stk
protos:mtp2

and, of course, the capture is decoded but just up to SCCP. No information about TCAP/INAP wich I need.

The spain01_inap.stk file looks as:

STACK        "ProtocolStack"    4    4
PATH        c:/k1205/stacks/inap/
LAYER        "MTP-L2"    ../../protocols/base/base.upd*    LOADED    "MTP Level 2"
LAYER        "SCCP"    ../../protocols/whibsccp/whibsccp.upd1    LOADED    "White Book SCCP"
LAYER        "SCMG"    ../../protocols/whibsccp/whibsccp.upd2    LOADED    "White Book SCCP Management"
LAYER        "INAP"    ../../protocols/inap/esp1inap.upd1    LOADED    "Telefonica de Espana CoreINAP, ER.n7.008 Ed 3a"
RELATION    "BASE"    "MTP-L2"    UNCOND
RELATION    "MTP-L2"    "SCCP"    PARAM    SIO    0b????0011
RELATION    "SCCP"    "SCMG"    PARAM    SSN    1
RELATION    "SCCP"    "INAP"    UNCOND
DECKRNL        "MTP-L2"    LSBF    UPD_DK
DECKRNL        "SCCP"    LSBF    UPD_DK
DECKRNL        "SCMG"    LSBF    UPD_DK
DECKRNL        "INAP"    MSBF    UPD_DK
SPC_CONF    14    "4-3-4-3"
CIC_CONF    12    "7-5"
LAYPOS        "BASE"    65    374    355    414
LAYPOS        "MTP-L2"    65    290    355    330
LAYPOS        "SCCP"    65    200    355    240
LAYPOS        "SCMG"    65    100    160    140
LAYPOS        "INAP"    260    100    355    140
 

 So, I tried, editing protos fiels as sccp:inap, mtp2:sccp, mtp2:scmg, ... but no way to see further than sccp part.

Do you have any clue about how to successfully decode such trace?

Thanks a lot,

/Pedro