Ethereal-dev: [Ethereal-dev] Ethereal 0.8.20 and WSP/GTP
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Denis A. Doroshenko" <cyxob@xxxxxxxxxxxxxxxx>
Date: Sat, 20 Oct 2001 00:53:52 +0200
hello,
tried 0.8.20, and it's really greatly improved since 0.8.19. we like
it much, it has some features, that commercial tools lack... we use
Ethereal to dissect WSP (with or without WTP) and use it with great
success on Gn links dissecting GTP. sure we was impressed with GTP
options with selection for CDR dissection, though when connected to
Ga we could not make Ethereal dissecting CDRs within GTP'...
ok, now to business...
now Ethereal dissects several WTP transactions within one packet
successfully (as truly written at changelog Nokia 8310 does this
in connection-mode). but... apparently Ethereal doesn't dissect
Reply to Get, complaining about malformed headers. these are the
very same packets 0.8.19 dissects with no problems.
OS:
OpenBSD 2.9 (stable branch and fresh release)
Ethereal:
0.8.20 from the sources, current as of 18 Sep 2001
GTK+:
1.2.10 (though the same thing happens to tethereal)
Sequence:
simple open the capture file, we've successfully analysed
with 0.8.19, or for example similar command:
tethereal -nlVr file -R 'gtpv0.tid == "IMSI+NSAPI"'
Dumps:
well, it's pity, but i may not provide you with the whole
packets because... because of some particular reasons. hope
you'll understand me. i know it is bad.
it seems the header it gets error on is a cache control header.
it looks like the following:
User Datagram Protocol, Src Port: 9201 (9201), Dst Port: 49200 (49200)
Source port: 9201 (9201)
Destination port: 49200 (49200)
Length: 391
Checksum: 0xabb2 (correct)
Wireless Transaction Protocol
0... .... = Continue Flag: No TPI
.001 0... = PDU Type: Result (0x02)
.... .01. = Trailer Flags: Last packet of message (0x01)
.... ...0 = Re-transmission Indicator: First transmission
1... .... .... .... = TID Response: Response
.000 1111 0101 0010 = Transaction ID: 0x0f52
Wireless Session Protocol
PDU Type: Reply (0x04)
Status: OK (0x20)
Headers Length: 57
Content Type: application/vnd.wap.wmlc (0x14)
Headers
Date: Oct 17, 2001 11:52:05.000000000
Server: Apache/1.3.9
X-powered-by: PHP/4.0.4pl1
Connection: Close (0x00)
[Malformed Frame: WSP]
hex dump of the same part:
0050 xx xx 23 f1 c0 30 01 87 ab b2 12 8f!52 04 20 39 ..#..0......R. 9
0060 94 92 04 3b cd 54 c5 a6 41 70 61 63 68 65 2f 31 ...;.T..Apache/1
0070 2e 33 2e 39 00 58 2d 70 6f 77 65 72 65 64 2d 62 .3.9.X-powered-b
0080 79 00 50 48 50 2f 34 2e 30 2e 34 70 6c 31 00 89 y.PHP/4.0.4pl1..
0090 80 88 02 82 80 8d 02 01 40 01 04 6a 00 ff 50 03 ........@..j..P.
00a0 6c 74 00 01 6c 01 7b e8 45 18 03 4f 4d 4e 49 54 lt..l.{.E..OMNIT
00b0 45 4c 00 01 ab 4a 03 2f 00 01 01 01 e7 36 03 4f EL...J./.....6.O
00c0 6d 6e 69 74 65 6c 20 57 41 50 00 01 60 ae 0c 03 mnitel WAP..`...
00d0 4f 6d 6e 69 74 65 6c 00 32 03 4f 6d 6e 69 2e 77 Omnitel.2.Omni.w
00e0 62 6d 70 00 01 01 60 dc 4a 03 69 6e 64 65 78 2e bmp...`.J.index.
00f0 70 68 70 3f 6d 61 69 6e 2c 35 33 32 34 00 01 03 php?main,5324...
0100 4e 61 75 6a 69 65 6e 6f 73 00 01 01 60 dc 4a 03 Naujienos...`.J.
0110 69 6e 64 65 78 2e 70 68 70 3f 6d 61 69 6e 2c 35 index.php?main,5
0120 33 32 37 00 01 03 50 72 61 6d 6f 67 6f 73 00 01 327...Pramogos..
0130 01 60 dc 4a 03 69 6e 64 65 78 2e 70 68 70 3f 6d .`.J.index.php?m
0140 61 69 6e 2c 35 33 32 32 00 01 03 22 4f 6d 6e 69 ain,5322..."Omni
0150 74 65 6c 22 20 70 61 73 6c 61 75 67 6f 73 00 01 tel" paslaugos..
0160 01 60 dc 4a 03 69 6e 64 65 78 2e 70 68 70 3f 6d .`.J.index.php?m
0170 61 69 6e 2c 35 33 32 38 00 01 03 4b 61 74 61 6c ain,5328...Katal
0180 6f 67 61 73 00 01 01 60 dc 4b a1 03 6f 6d 6e 69 ogas...`.K..omni
0190 74 65 6c 00 87 03 73 6b 65 6c 62 69 6d 61 69 2f tel...skelbimai/
01a0 77 61 70 2f 00 01 03 53 6b 65 6c 62 69 6d 61 69 wap/...Skelbimai
01b0 00 01 01 60 dc 4a 03 69 6e 64 65 78 2e 70 68 70 ...`.J.index.php
01c0 3f 6d 61 69 6e 2c 35 33 32 33 00 01 03 50 69 6e ?main,5323...Pin
01d0 69 67 61 69 00 01 01 01 01 igai.....
--
Let the Force be with You!..
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Denis A. Doroshenko internet services, unices, m$ os
System programmer and administrator programming, administering, consulting
mailto:cyxob@xxxxxxxxxxxxxxxx do you BSD? --> http://www.OpenBSD.org
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGiBDshRwIRBACWFW01QirBS91PmAaAmQ4k9mlbgYanI8EQnpeW+q7ABJaL8bYr
HzhNLvVatUxlscPy8HVxzSGYPluLBWRJ4xizuV+G3xwPPFkC1k1QnBSGCblkfVD1
SqK1IKYt6j7qsYp8qMD6utXKmeDALGIzlY8yC9tIwlU0rpfDvZd/idZouwCgrozA
pl0JuP2rLwMKBiv2QV4mqm0D/38HWZk2sLjrkh9hNuSxd5PTjWKnySmc4jrE5a7G
Ib9cMBNErDp+kxOF9dDTbQcjZSbdzMWR927snHaFAlMaqcUPiJ5h8aiaob/qtyoW
mKZoq8kYSoCvJ3DiBWvFGChOLXSnhMfFiILGhhQRNszuSKkHSVVrkyhQCLb4NQOk
ARrhA/9p+lEll0LWiqdJrh4rHoKfoI4ZiTOFKfUhTA/6OfoJ7RcRCzzPPspWLbhf
ecq9QU5Du9BseiWI0iQZG3qTr9HhvTD4mdPuhg3zJyJAjoY5oaFqw7/fuNjEKRHW
7eDdvQkQznLEWwiLxgMrzy8mZUQ4v2xlqkTLLZmBvtgXwYQgs7Q2RGVuaXMgQS4g
RG9yb3NoZW5rbyAocHJpdmF0ZSkgPGN5eG9iQHRoaWVmLmR5bmRucy5vcmc+iFcE
ExECABcFAjshRwIFCwcKAwQDFQMCAxYCAQIXgAAKCRCbcgjHkn0ccyl4AJ9ozYiL
AIwz0pNybugxU2ej431/XwCdFT5V+IONA6LFP64wPlnszsm770S5AQ0EOyFHFxAE
AMa2PBufYnEVYSF0vNaN/KWb9d9c8jLIYeanM1XBY9hwCxlQG7qB00hsAWsMSdwd
0TflnJg/rAjrOQ+jItB9dwdcaGDk52t9roZ3CVpXPPLs18VH5DnapqGsla+wSje7
qv2oi6Ga+ecYI3saYllCWfVgiejQDkov9KGuz6simwtTAAMFA/94R9KSj2BXreUa
Ag9E92oUnTvza7/tciW5UowDMQk3MzCX6k2Kw50daud2GN/E5pq1xO1k7hZc+Nne
Ph0RieGFZhoXdfmzg3gN5wL7JxsCVR4Yl4LpBsHYDRSuaJduf54eo9yv3mFKPpGw
5qxcPGxRdTco2MqmwI01Zo3rySpCnYhGBBgRAgAGBQI7IUcXAAoJEJtyCMeSfRxz
CMEAoKVwifd7si0G+RHSA7vGrHW8/hpNAKCdZ4wx2P0FLTH3S+H3mu6zROc6Bw==
=mSgQ
-----END PGP PUBLIC KEY BLOCK-----
- Follow-Ups:
- Re: [Ethereal-dev] Ethereal 0.8.20 and WSP/GTP
- From: Guy Harris
- Re: [Ethereal-dev] Ethereal 0.8.20 and WSP/GTP
- Prev by Date: Re: [Ethereal-dev] Some patches
- Next by Date: Re: [Ethereal-dev] Ethereal 0.8.20 and WSP/GTP
- Previous by thread: Re: [Ethereal-dev] Patch to bring packet-iscsi.c in line with protocol version 08
- Next by thread: Re: [Ethereal-dev] Ethereal 0.8.20 and WSP/GTP
- Index(es):
