Ethereal-users: RE: [Ethereal-users] Using the asn1 plugin to decodeanarbitraryprotocol

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Anders Broman (AL/EAB)" <anders.broman@xxxxxxxxxxxx>
Date: Tue, 1 Nov 2005 16:42:42 +0100
Hi,
In order to use asn2eth you must of course be able to compile Ethereal.
 
As you noted the info is on the wiki asn2eth is in the folder ethereal/tools I'd recomend you to upgrade to the latest ethereal version as asn2eth is upgraded continously as are the PER and BER helpers.
under ethereal/asn1 you can find source files used to generate dissectors by asn2eth. If the protocol is a IN version INAP might be the protocol to look for othervise MAP_Dialogue is realy small and might provide
a good example.
 
Brg
Anders


From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Bob Bowman
Sent: den 1 november 2005 16:14
To: 'Ethereal user support'
Subject: RE: [Ethereal-users] Using the asn1 plugin to decodeanarbitraryprotocol

Anders,
 
Thanks for your speedy response.  I'm somewhat new to Ethereal, so I would appreciate some assistance navigating the site.  I found references to asn2eth in the wiki, but nothing in the User Guide or Developer guide.  I'm using Ethereal 0.10.10 for Windows and I don't see anything in the source tree or the installation directories.  Can you tell me where asn2eth is located (and perhaps where I could find some examples of files successfully used to generate a dissector)?
 
Thanks,
 
Bob Bowman


From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Anders Broman (AL/EAB)
Sent: Tuesday, November 01, 2005 6:58 AM
To: Ethereal user support
Subject: RE: [Ethereal-users] Using the asn1 plugin to decode anarbitraryprotocol

Hi,
If you have the asn1 spec it shouldn't be to much work to create a 'proper' dissector using asn2eth.
 
Brg
Anders


From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Bob Bowman
Sent: den 1 november 2005 13:44
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] Using the asn1 plugin to decode an arbitraryprotocol

Hello,
 
I am trying to use Ethereal to decode packets that contain ASN.1 encoded PDUs for protocols that are not supported by Ethereal (e.g. CALEA J-STD-25).  To that end, I have created ASN.1 type tables from the ASN.1 definitions for these protocols and configured the asn1 plugin to point to them.  However, I have not had much luck in successfully decoding packets containing ASN.1-encoded PDUs.  Ethereal recognizes the packets as being ASN.1-encoded, but does not properly decode the protocol defined in the type table.  Below is a snippet of the ethereal.log file records for the beginning of the first packet encountered. 
 
Can someone point me in the right direction?
 

dissect_asn1: udp

PDUreset 1-0

==off=0 U0p sp=1,pos=02251A88,tbl-choice[repeat]:SCF-information-object,0

  return 'explicit-EOC', ignore

PDUreset 1-1

==off=0 U0p sp=1,pos=02251A88,tbl-choice[repeat]:SCF-information-object,0

  return 'explicit-EOC', ignore

==off=2 X0p sp=1,pos=02251A88,tbl-choice[repeat]:SCF-information-object,0

  EOI, pos.node == 0

PDUreset 1-2

==off=2 U0p sp=1,pos=02251A88,tbl-choice[repeat]:SCF-information-object,0

  return 'explicit-EOC', ignore

==off=4 X0p sp=1,pos=02251A88,tbl-choice[repeat]:SCF-information-object,0

  EOI, pos.node == 0

PDUreset 1-3

==off=4 U0p sp=1,pos=02251A88,tbl-choice[repeat]:SCF-information-object,0

  return 'explicit-EOC', ignore

==off=6 X0p sp=1,pos=02251A88,tbl-choice[repeat]:SCF-information-object,0

  EOI, pos.node == 0

PDUreset 1-4

==off=6 U0p sp=1,pos=02251A88,tbl-choice[repeat]:SCF-information-object,0

  return 'explicit-EOC', ignore

==off=8 X0p sp=1,pos=02251A88,tbl-choice[repeat]:SCF-information-object,0

  EOI, pos.node == 0

PDUreset 1-5

==off=8 U0p sp=1,pos=02251A88,tbl-choice[repeat]:SCF-information-object,0

  return 'explicit-EOC', ignore

==off=10 X0p sp=1,pos=02251A88,tbl-choice[repeat]:SCF-information-object,0

  EOI, pos.node == 0

PDUreset 1-6

==off=10 U16p sp=1,pos=02251A88,tbl-choice[repeat]:SCF-information-object,0

    repeating choice

    choice [push], U0, SCF-information-object

    have U16, found C1, swn-scf-header

    have U16, found C2, swn-scf-ama

    have U16, found C3, swn-scf-trailer

    have U16, found C4, mpc-scf-exception

    have U16, found C5, msi-scf-normalized

    have U16, found C6, msi-scf-raw

    ...no matching choice...

    'SCF-information-object' U0 will be used

  candidate tbl-choice 'SCF-information-object', U0

  using: tbl-choice 'SCF-information-object', U0

  return [tbl-choice] 'SCF-information-object' vid=24064, tid=-1

 

Thanks,

--
Bob Bowman
Openwave Systems Inc.
Mobile: +1 (201) 310-1812
Yahoo IM: op_bob_bowman

Privacy and Confidentiality Notice: The information contained in this electronic mail message is intended for the named recipient(s) only.  It may contain privileged and confidential information.  If you are not an intended recipient, you must not copy, forward, distribute or take any action in reliance on it.  If you have received this electronic email message in error, please notify the sender immediately.