Wireshark-bugs: [Wireshark-bugs] [Bug 1911] ISUP inside RUDP/Cisco SM packets not decoded
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1911
------- Comment #5 from jeff.morriss@xxxxxxxxxxx 2007-10-12 16:28 GMT -------
(In reply to comment #4)
> > Are there different versions of the Cisco SM protocol? Or what is the payload
> > directly above Cisco SM supposed to be (MTP3 or ISUP? ANSI or ITU?)?
>
> As far as I remember, the first protocol on top of Cisco SM should be MTP3,
> then containing EISUP.
> EISUP is a Cisco proprietary extension to ISUP, adding additional VoIP-specific
> information. I contacted Cisco a few months ago asking if the protocol was
> documented and/or if a dissector was avaialable. They replied that Ethereal was
> already able to decode it.
> I didn't believe them until they showed that to me in person: Ethereal was
> using the ISUP dissector. I can't remember the version they were using, though.
I think you're running into trouble at the SM level, though (since the both the
message type and the message length look wrong).
> This seems to be an old bug/problem, what I'm experiencing is the same as it's
> described here:
> http://www.ethereal.com/lists/ethereal-dev/200405/msg00121.html
Except that his packets contained "sane" SM values:
Message ID: 0x0000
Message Type: 0x0010
Channel ID: 0x0000
Bearer ID: 0x0000
Length: 33
Actually, looking at frame 10 in your capture file, I really don't think this
is supposed to be ISUP/MTP3/SM/RUDP--look at all the clear text in the message:
0000 00 03 ba 96 55 f2 00 03 ba 8a b3 06 08 00 45 00 ....U.........E.
0010 01 93 1b 93 40 00 ff 11 cb ac 53 47 76 46 53 47 ....@.....SGvFSG
0020 76 45 1f 43 1f 43 01 7f df 77 40 08 9a a8 25 4f vE.C.C...w@...%O
0030 00 00 00 00 80 00 01 01 01 67 53 47 76 45 00 03 .........gSGvE..
0040 ba a8 40 01 ac 01 55 76 3d 30 0d 0a 6f 3d 2d 20 ..@...Uv=0..o=-
0050 38 31 36 35 38 37 20 30 20 49 4e 20 49 50 34 20 816587 0 IN IP4
0060 38 33 2e 37 31 2e 31 31 38 2e 31 39 38 0d 0a 73 83.71.118.198..s
0070 3d 43 69 73 63 6f 20 53 44 50 20 30 0d 0a 63 3d =Cisco SDP 0..c=
0080 49 4e 20 49 50 34 20 38 33 2e 37 31 2e 31 31 38 IN IP4 83.71.118
0090 2e 31 39 38 0d 0a 74 3d 30 20 30 0d 0a 6d 3d 61 .198..t=0 0..m=a
00a0 75 64 69 6f 20 31 37 36 37 30 20 52 54 50 2f 41 udio 17670 RTP/A
00b0 56 50 20 38 20 39 39 20 31 38 20 31 30 30 0d 0a VP 8 99 18 100..
00c0 61 3d 72 74 70 6d 61 70 3a 39 39 20 47 2e 37 32 a=rtpmap:99 G.72
00d0 39 61 2f 38 30 30 30 0d 0a 61 3d 72 74 70 6d 61 9a/8000..a=rtpma
00e0 70 3a 31 30 30 20 58 2d 4e 53 45 2f 38 30 30 30 p:100 X-NSE/8000
00f0 0d 0a 61 3d 66 6d 74 70 3a 31 30 30 20 31 39 32 ..a=fmtp:100 192
0100 2d 31 39 34 2c 32 30 30 2d 32 30 32 0d 0a 61 3d -194,200-202..a=
0110 58 2d 73 71 6e 3a 30 0d 0a 61 3d 58 2d 63 61 70 X-sqn:0..a=X-cap
0120 3a 20 31 20 61 75 64 69 6f 20 52 54 50 2f 41 56 : 1 audio RTP/AV
0130 50 20 31 30 30 0d 0a 61 3d 58 2d 63 70 61 72 3a P 100..a=X-cpar:
0140 20 61 3d 72 74 70 6d 61 70 3a 31 30 30 20 58 2d a=rtpmap:100 X-
0150 4e 53 45 2f 38 30 30 30 0d 0a 61 3d 58 2d 63 70 NSE/8000..a=X-cp
0160 61 72 3a 20 61 3d 66 6d 74 70 3a 31 30 30 20 31 ar: a=fmtp:100 1
0170 39 32 2d 31 39 34 2c 32 30 30 2d 32 30 32 0d 0a 92-194,200-202..
0180 61 3d 58 2d 63 61 70 3a 20 32 20 69 6d 61 67 65 a=X-cap: 2 image
0190 20 75 64 70 74 6c 20 74 33 38 0d 0a 39 02 ac 9b udptl t38..9...
01a0 00 .
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.