Wireshark-users: Re: [Wireshark-users] Wish to Decode MTP2 message encapsulated inside UDP header
From: "Satish Chandra" <satishchandra.lko@xxxxxxxxx>
Date: Sat, 27 Dec 2008 01:45:06 +0530
Hi,

I have got an MTP2 hex dump. I have written a trivial client/server program and am running both on my system. I am passing this MTP2 hex dump on the UDP socket using the client program. I use Wireshark to capture the packet on my Ethernet card. So, in this way, the complete MTP2 message gets encapsulated inside a UDP packet. Wireshark is able to capture the UDP packet but is not able to decode it. It shows the complete MTP2 packet as Data. I tried the same for SCTP packets and it was successfully decoded.

I also tried adding the following code to the packet-mtp2.c file:
dissector_add("udp.port", 2906, mtp2_handle);           /* 2906 is an arbitrary port */

I compiled again, but still no success.

Although dissectors for both protocols are present, I think I just need to somehow invoke the MTP2 dissector after the UDP dissector.

Can anyone help me, please?

Thanks Regards,
Satish Chandra

On Fri, Dec 26, 2008 at 9:24 PM, Abhik Sarkar <sarkar.abhik@xxxxxxxxx> wrote:
Hi Satish,

Is the entire MTP2 packet encapsulated in a UDP datagram as it is?
What is the source of this UDP data stream? Just in case you are using
the Cisco paklog functionality, you need to Decode As syslog and try.

HTH
Abhik.

On Fri, Dec 26, 2008 at 7:34 PM, Satish Chandra
<satishchandra.lko@xxxxxxxxx> wrote:
> Hi,
>
> I wish to decode an MTP2 message which is encapsulated with a UDP header, but
> Wireshark shows the complete message as Data and doesn't decode it.
>
> I tried to use the "Decode As" option but was surprised to see that MTP2 was
> missing from the list for UDP message.
>
> Can anyone help me with this? If it is not possible via configuration, can I
> modify the dissector code of UDP or MTP2 so that MTP2 packets inside a UDP
> header are dissected? Where can I find the source code of the UDP and MTP2
> protocol dissectors for Wireshark?
>
> --
> Thanks Regards,
> Satish Chandra
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>

--
Thanks Regards,
Satish Chandra
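
Added example (not part of the original thread, and not Wireshark project code): a different route to the same goal, writing the hex dump straight into a pcap file whose link-layer type is MTP2 (pcap link type 140), so Wireshark opens it with the MTP2 dissector and no UDP wrapper is involved. It assumes the dump holds one signal unit per line; the sample bytes and the output file name are constructed for illustration.

```python
import struct

LINKTYPE_MTP2 = 140  # pcap link-layer type for bare MTP2 signal units

# Constructed sample: one FISU (LI=0) and one LSSU (LI=1), one unit per line.
SAMPLE_DUMP = """
# BSN/BIB FSN/FIB LI [payload]
ff ff 00
0xff 0xff 0x01 0x00
"""

def parse_hex_dump(text):
    """Return a list of byte strings, one per non-empty, non-comment line.
    Spaces, ':' separators and '0x' prefixes are accepted."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cleaned = line.replace("0x", "").replace(":", " ")
        frames.append(bytes.fromhex(cleaned))  # raises ValueError on bad hex
    return frames

def build_pcap(frames, linktype=LINKTYPE_MTP2, start_ts=0):
    """Serialize frames as a classic little-endian pcap byte string."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        # Record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", start_ts + i, 0, len(frame), len(frame))
        out += frame
    return out

if __name__ == "__main__":
    data = build_pcap(parse_hex_dump(SAMPLE_DUMP))
    with open("mtp2_sample.pcap", "wb") as fh:  # hypothetical output name
        fh.write(data)
    print("wrote", len(data), "bytes")
```
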