Wireshark-dev: Re: [Wireshark-dev] gsm_map dissector question
From: "Anders Broman \(AL/EAB\)" <anders.broman@xxxxxxxxxxxx>
Date: Mon, 26 Mar 2007 12:19:05 +0200
Hi,
In which specification is mt-fsm(MT-ForwardSM?) given with Opcode 46? 
I supose a solution would be to introduce a preference if MAPv2 or V3 is
used.
I have little time to look at this currently.
Best regards
Anders

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Abhik Sarkar
Sent: den 26 mars 2007 11:31
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] gsm_map dissector question

Hi Anders,

Thanks for your reply. Attached are sample captures. The MSUs are syslog
encapsulated, so you need to be running SVN rev 21109 or higher. Decode
UDP destination port 7890 as syslog and you will see the MTP3 and higher
layers.

example1.cap : A simple MAPv2 mt-fsm showing up as mo-fsm.
example2.cap : The gsm_map dissector throwing up a BER decode error
because it thinks there are some extra invalid field beyond the sm-RP-UI
of the mo-fsm, but the extra field is actually the more-messages-to-send
flag in a MAPv2 mt-fsm.

I had one more example, but I can't find it anymore. I will send it on
if I do find it.

Best regards,
Abhik.

On 3/26/07, Anders Broman (AL/EAB) <anders.broman@xxxxxxxxxxxx> wrote:
> Hi,
> If you could supply a sample trace we could see what can be done.
> Best regards
> Anders
>
> ________________________________
>
> From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Abhik Sarkar
> Sent: Mon 3/26/2007 9:49 AM
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: [Wireshark-dev] gsm_map dissector question
>
>
>
> Hi List,
>
> I have been capturing and decoding some live traffic on a GSM network,

> and find a problem in decoding of GSM MAP operations.
>
> The GSM MAP dissector is currently based on 3GPP TS 29.002 v7.5.0.
> This leads to incorrect decoding of packets which are working on lower

> MAP versions. For example, a MAP v2 ShortMsgMT-Relay gets decoded as 
> MAP v3 ShortMsgMO-Relay (because the opcodes are same). This leads to 
> all kinds of warnings, and sometimes incorrect decoding.
>
> I don't suppose there is a (simple) way around this, is there? I guess

> a complex (and resource hungry) method would be for the TCAP dissector

> to follow dialogs and then pass the application context information to

> the MAP dissector for MAP to interpret the operation based on the 
> application context in addition to the op-code.
>
> I am sorry if this has already been discussed, I searched the 
> archives, but could not find anything relevant... perhaps I didn't use

> the correct search string.
>
> Thanks,
> Abhik.
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>
>