Wireshark-bugs: [Wireshark-bugs] [Bug 1911] ISUP inside RUDP/Cisco SM packets not decoded
Date: Fri, 12 Oct 2007 16:28:59 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1911





------- Comment #5 from jeff.morriss@xxxxxxxxxxx  2007-10-12 16:28 GMT -------
(In reply to comment #4)
> > Are there different versions of the Cisco SM protocol?  Or what is the payload
> > directly above Cisco SM supposed to be (MTP3 or ISUP? ANSI or ITU?)?
> 
> As far as I remember, the first protocol on top of Cisco SM should be MTP3,
> then containing EISUP.
> EISUP is a Cisco proprietary extension to ISUP, adding additional VoIP-specific
> information. I contacted Cisco a few months ago asking if the protocol was
> documented and/or if a dissector was avaialable. They replied that Ethereal was
> already able to decode it.
> I didn't believe them until they showed that to me in person: Ethereal was
> using the ISUP dissector. I can't remember the version they were using, though.

I think you're running into trouble at the SM level, though (since the both the
message type and the message length look wrong).

> This seems to be an old bug/problem, what I'm experiencing is the same as it's
> described here:
> http://www.ethereal.com/lists/ethereal-dev/200405/msg00121.html

Except that his packets contained "sane" SM values:

    Message ID: 0x0000
    Message Type: 0x0010
    Channel ID: 0x0000
    Bearer ID: 0x0000
    Length: 33


Actually, looking at frame 10 in your capture file, I really don't think this
is supposed to be ISUP/MTP3/SM/RUDP--look at all the clear text in the message:

0000  00 03 ba 96 55 f2 00 03 ba 8a b3 06 08 00 45 00   ....U.........E.
0010  01 93 1b 93 40 00 ff 11 cb ac 53 47 76 46 53 47   ....@.....SGvFSG
0020  76 45 1f 43 1f 43 01 7f df 77 40 08 9a a8 25 4f   vE.C.C...w@...%O
0030  00 00 00 00 80 00 01 01 01 67 53 47 76 45 00 03   .........gSGvE..
0040  ba a8 40 01 ac 01 55 76 3d 30 0d 0a 6f 3d 2d 20   ..@...Uv=0..o=- 
0050  38 31 36 35 38 37 20 30 20 49 4e 20 49 50 34 20   816587 0 IN IP4 
0060  38 33 2e 37 31 2e 31 31 38 2e 31 39 38 0d 0a 73   83.71.118.198..s
0070  3d 43 69 73 63 6f 20 53 44 50 20 30 0d 0a 63 3d   =Cisco SDP 0..c=
0080  49 4e 20 49 50 34 20 38 33 2e 37 31 2e 31 31 38   IN IP4 83.71.118
0090  2e 31 39 38 0d 0a 74 3d 30 20 30 0d 0a 6d 3d 61   .198..t=0 0..m=a
00a0  75 64 69 6f 20 31 37 36 37 30 20 52 54 50 2f 41   udio 17670 RTP/A
00b0  56 50 20 38 20 39 39 20 31 38 20 31 30 30 0d 0a   VP 8 99 18 100..
00c0  61 3d 72 74 70 6d 61 70 3a 39 39 20 47 2e 37 32   a=rtpmap:99 G.72
00d0  39 61 2f 38 30 30 30 0d 0a 61 3d 72 74 70 6d 61   9a/8000..a=rtpma
00e0  70 3a 31 30 30 20 58 2d 4e 53 45 2f 38 30 30 30   p:100 X-NSE/8000
00f0  0d 0a 61 3d 66 6d 74 70 3a 31 30 30 20 31 39 32   ..a=fmtp:100 192
0100  2d 31 39 34 2c 32 30 30 2d 32 30 32 0d 0a 61 3d   -194,200-202..a=
0110  58 2d 73 71 6e 3a 30 0d 0a 61 3d 58 2d 63 61 70   X-sqn:0..a=X-cap
0120  3a 20 31 20 61 75 64 69 6f 20 52 54 50 2f 41 56   : 1 audio RTP/AV
0130  50 20 31 30 30 0d 0a 61 3d 58 2d 63 70 61 72 3a   P 100..a=X-cpar:
0140  20 61 3d 72 74 70 6d 61 70 3a 31 30 30 20 58 2d    a=rtpmap:100 X-
0150  4e 53 45 2f 38 30 30 30 0d 0a 61 3d 58 2d 63 70   NSE/8000..a=X-cp
0160  61 72 3a 20 61 3d 66 6d 74 70 3a 31 30 30 20 31   ar: a=fmtp:100 1
0170  39 32 2d 31 39 34 2c 32 30 30 2d 32 30 32 0d 0a   92-194,200-202..
0180  61 3d 58 2d 63 61 70 3a 20 32 20 69 6d 61 67 65   a=X-cap: 2 image
0190  20 75 64 70 74 6c 20 74 33 38 0d 0a 39 02 ac 9b    udptl t38..9...
01a0  00                                                .


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.