Wireshark · Wireshark-users: Re: [Wireshark-users] issue regarding run-time heuristic dissecting NR -RRC .

[Vikas Theng <thengvikas2017@xxxxxxxxx>]

Hello , 

I am trying to dissect mac-nr exported pdu, it is showing mac-nr in wireshark but not able to dissect complete message. 
I have added mac exported pdu heuristics and mac nr heuristics. please find attachment.  

On Fri, Feb 7, 2020 at 7:26 PM Pascal Quantin <pascal@xxxxxxxxxxxxx> wrote:

Hi Vikas,

Le ven. 7 févr. 2020 à 14:42, Vikas Theng <thengvikas2017@xxxxxxxxx> a écrit :

Hello.,
 I am trying to dissect the runtime MIB message, but runtime It is showing only LLC protocol.
When I am converting text to pcap using text2pcap -l 252 file.txt file.pacpng and load file pcap file manually it is showing NR RRC protocol but run-time it is failing and showing LLC protocol. please guide me.

 

your text2pcap command creates a file with a linktype set to 252 which corresponds to WIreshark Upper PDU format.

Whatever mechanism you use to generate your runtime stream should use this linktype if you want to be able to decode it. If another linktype is given in the stream, you will get a wrong decoding (like LLC for example).

Alternatively you could write your own encapsulation protocol running on top of a well known UDP port for example, and then a small dissector calling the relevant NR RRC dissector when required (based on some meta data you would transmit in the UDP payload, along with the NR RRC message dump).

Best regards,

Pascal.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Attachment: Screenshot from 2020-02-26 11-47-13.png
Description: PNG image