Hi
I have a set of pcap-files containing the traffic generated when sending
a MMS. If I use mergecap to combine those pcaps into one pcap and open
this in WireShark I am able to see a nice "line" in the GUI containing
all info about the MMS - it has protocol "MMSE/SMIL" and contains "MMS
Message Encapsulation, Type: m-send-req" and "Content-type:
application/vnd.wap.multipart.related; type=application/smil;
start=0.smil". Using the treeview in the bottom of the GUI I can see all
parts (smil, images etc.). Very nice.
I also have a set of pcap-files containing the traffic generated when
receiving a MMS. I would like this to be nicely assembled for me just
like the MMS send. But it is not. I see a "line" in the GUI with
protocol "MMSE" and it contains "MMS Message Encapsulation, Type:
m-notifyresp-ind" and "Status: Delivered", but there is no actual
content of the MMS to be found. Guess it is just a confirmation message
that the message has been delivered to the phone. Besides that I see a
"HTTP GET" and a "HTTP/1.0 200 OK" (Using
http://wiki.wireshark.org/Mate/Examples/MMS?highlight=(MMS) it is marked
a MMS related, but not assembled MMS content to be found). In between
all this there are a lot of TCP "lines" to be found in WireShark, and I
guess the actual MMS content is in there somewhere. But no single "line"
in WireShark seems to assemble it for me, as it does for a sent MMS.
Questions:
- Is WireShark supposed to assemble a received MMS for me
out-of-the-box, just as it is able to do for a sent MMS?
- If yes, any suggestions on why it doenst happen i my case? Missing
packages? Dissector not applied?
- If no, anyone has an idea how I get WireShark to assemble my MMS
receive traffic into a nice "line" i WireShark allowing me to extract
the content of the MMS?
I am pretty new to WireShark so please thorough explaining for dummies :-)
Thanks alot!
Regards, Per Steffensen
