Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 5041] New: Tshark bug when dissect the MC interface trace

Wireshark-bugs: [Wireshark-bugs] [Bug 5041] New: Tshark bug when dissect the MC interface trace

Date: Wed, 21 Jul 2010 23:59:27 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5041

           Summary: Tshark bug  when dissect the MC interface trace
           Product: Wireshark
           Version: unspecified
          Platform: Other
        OS/Version: Windows Vista
            Status: NEW
          Severity: Major
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: hui.wei@xxxxxxxxxxxx


Created an attachment (id=4948)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4948)
It's a IP packet which contains several upper layer messages. How to dissect
these messages using TSHARK?

Build Information:
$ tshark -v
TShark 1.3.3 (SVN Rev 31863 from /trunk)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.22.3, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares 1.7.0,
with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT
Kerberos, with GeoIP.

Running on 32-bit Windows Vista Service Pack 1, build 6001, with WinPcap
version
4.1.1 (packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.8.5, Gcrypt 1.4.5.

Built using Microsoft Visual C++ 9.0 build 30729
--
When I use the wireshark to dissect the MC interface trace, it regard each IP
packet as one message. However, there are several upper layer messages enbedded
in the same one IP packet.

Therefore, when I use the following Tshark command to dissect that, it can only
generate 1 gsm message:
tshark -r MC_SAMPLE_LOGS -R "gsm_a.dtap_msg_mm_type > 0 or
gsm_a.dtap_msg_cc_type > 0 or gsm_a.bssmap_msgtype > 0 or sccp.message_type >
0" -T fields -E header=y -e frame -e frame.time_epoch -e ip.src -e ip.dst -e
sccp.slr -e sccp.dlr -e sccp.message_type -e gsm_a.dtap_msg_mm_type -e
gsm_a.dtap_msg_cc_type -e gsm_a.bssmap_msgtype -e gsm_a.imsi > result_MO.txt

As below:
frame frame.time_epoch ip.src ip.dst sccp.slr sccp.dlr sccp.message_type
gsm_a.dtap_msg_mm_type gsm_a.dtap_msg_cc_type gsm_a.bssmap_msgtype gsm_a.imsi 
Frame 1: 1170 bytes on wire (9360 bits), 1170 bytes captured (9360 bits)
1271940351 10.37.11.26 10.37.19.18 0xa80003 0x0a16ec 0x05 0x08   0x55
4.60002E+14

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Follow-Ups:
- [Wireshark-bugs] [Bug 5041] Tshark bug when dissect the MC interface trace
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 3232] dissectors for totemnet and totemsrp protocols implemented in corosync cluster engine
Next by Date: [Wireshark-bugs] [Bug 5041] Tshark bug when dissect the MC interface trace
Previous by thread: [Wireshark-bugs] [Bug 5040] Optionally display Wireshark version in the main window's title bar
Next by thread: [Wireshark-bugs] [Bug 5041] Tshark bug when dissect the MC interface trace
Index(es):
- Date
- Thread