Wireshark-bugs: [Wireshark-bugs] [Bug 2320] New: New dissector: redback lawful intercept
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sat, 1 Mar 2008 14:31:56 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2320

           Summary: New dissector: redback lawful intercept
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: flo@xxxxxxxxxx


Created an attachment (id=1502)
 --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1502)
RedBack LI Patch against SVN 24458

Build Information:
./configure && make
--
New dissector for the RedBack Lawful Intercept Packet header. 
Patch against SVN Revision 24458

Builds okay and survived fuzz test with 100 passes ... 

Redback encapsulates LI Sessions in UDP and prepends the final IP Packet with a
Packet Header - Decoded it looks like this:

Redback Lawful Intercept
    Sequence No AVP
        AVP Type: 1
        AVP Length: 4
        Sequence No: 36303
    Lawful Intercept Id AVP
        AVP Type: 2
        AVP Length: 4
        Lawful Intercept Id: 0
    Session Id AVP
        AVP Type: 3
        AVP Length: 4
        Session Id: 0
    Label AVP
        AVP Type: 20
        AVP Length: 16
        Label: Xrdsl-gtso-de99
    End Of Header AVP
        AVP Type: 0
        AVP Length: 0


Basically a list of AVPs where only 5 of them are currently in use. There is no
predefined UDP Port this traffic can be found on - its a configuration issue on
the BRASes side.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.