Time ago I added the "user-dlt" facility exactly to deal with
unencapsulated protocols taken from logs.
Here's a quick description of what you have to do:
convert the logs with text2pcap using the -l argument and give it a value
between 147 and 162.
$ text2pcap -l 160 in.txt out.pcap
then open out.pcap with ethereal and go to the Preferences' tab "DLT User A"
in the tab set DLT to 160 and Payload to (I guess) "sccp".
Save the preferences.
At this point you should see the decoded sccp pdus.
L.
On 11/21/05, Banibrata Dutta <banibrata.dutta@xxxxxxxxx> wrote:
> Vijay,
>
> that's very little information to go by, i.e. the SS7 hex data (I
> believe a PDU of certain SS7 layer by which ??), may or maynot have
> sufficient information for ethereal to be able to decode it. you need
> to know whether it's SS7 over IP (SIGTRAN) and that the adaptation
> layer's headers are intact. the Ethereal wiki should help you.
>
> - bd
>
> On 11/22/05, Vijaya Kumar <vijayk@xxxxxxxxxxxxxx> wrote:
> > Hi,
> > I have hex data of SS7 in file. How can analyze using ethereal. Please
> > help me
> >
> > Bye
> >
> > _______________________________________________
> > Ethereal-users mailing list
> > Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
> >
>
>
> --
> --------------------
> Diamond is a piece of coal that did well under pressure.
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
