Wireshark-dev: Re: [Wireshark-dev] Dissector for Cisco ITP packet logging facility
From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Sun, 28 Jan 2007 14:57:58 +0800

Abhik Sarkar wrote:
[...]
First an introduction in the form of a quote from the Cisco ITP manual...

<quote>
The ITP Packet Logging facility uses the BSD syslog protocol (RFC
3164) to send selected (SS7) MSUs to a user-selected monitoring tool
via the UDP connectionless protocol (RFC 768). Cisco Systems, Inc.
does not provide monitoring tools specifically for receiving and
decoding messages sent by the facility. The user must obtain a
suitable tool for receiving syslog messages.
</quote>

I have seen a proprietary tool to receive and decode these messages;
however, that runs on only one platform (as far as I know) and I don't
always have access to that platform.

Now, since Wireshark can already dissect syslog packets and MTP
packets, I thought of combining the two.

Cool, I think that would be a useful addition to Wireshark.  However I
suspect that a separate dissector is not a good idea but your changes
would have to be merged into the existing syslog dissector (which
appears easy since that's where you started). Could you provide a
(small) sample capture file to test with (you could send it to the
list or to me privately if you prefer)?