On Jul 15, 2008, at 6:55 AM, Mahdi M. Hossaini wrote:

> There are two important protocols in PSTN networks which are not
> supported in Wireshark,
> They are:
> V5.2
> ISDN-PRI (DSS1)
> These protocols are used on TDM (T1/E1) links as for MTP and ISUP.

(By "as for MTP and ISUP" do you mean that MTP is also used on T1/E1
links?)

> What is the reason for this weakness in Wireshark?

As Luis indicated, the reason why Wireshark doesn't support V5.2 is
that nobody's contributed any code to us to support V5.2.

When you say "DSS1", to which protocols are you referring? As Luis
indicated, we *do* support Q.931 and LAPD.

There's the additional question of being able to *capture* that
traffic with Wireshark, as opposed to being able to read capture files
from other software. To capture on T1/E1 links, you'd need a device
such as an Endace DAG card:

http://www.endace.com/our-products/dag-network-monitoring-cards/pdh-tdm

and OS and libpcap/WinPcap support for those cards. Libpcap on Linux
and FreeBSD can be built with support for DAG cards; I think there
might be WinPcap support as well. However, we currently don't support
*capturing* LAPD with Endace cards (in theory, all that's required
would be to add support for DLT_LAPD in the code that reads libpcap
files).

> and what must we do to support them in Wireshark?

Dissecting, or capturing?

For dissecting, you'd need to add support for reading some type of
capture file that contains that traffic, as well as adding dissectors
for V5.2 protocols and any ISDN PRI protocols that we don't already
dissect.

For capturing, you'd need to add that, as well as whatever support is
needed to handle the Endace cards.
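
What reading DLT_LAPD from a libpcap file involves, as an added example that is not part of the original message and is not Wireshark or libpcap code: it checks the file's link type and decodes the Q.921 address field of each frame. The function names and the sample capture are constructed for illustration; 203 is the link-type value registered for DLT_LAPD.

```python
import struct

LINKTYPE_LAPD = 203  # DLT_LAPD: Q.921 frames starting at the address field

def read_pcap(buf):
    """Parse a classic libpcap file image into (linktype, [frame, ...])."""
    if len(buf) < 24:
        raise ValueError("truncated pcap global header")
    if buf[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"          # written on a little-endian host
    elif buf[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"          # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    network = struct.unpack(end + "I", buf[20:24])[0]
    frames, off = [], 24
    while off < len(buf):
        if off + 16 > len(buf):
            raise ValueError("truncated record header")
        incl_len = struct.unpack(end + "I", buf[off + 8:off + 12])[0]
        off += 16
        if off + incl_len > len(buf):
            raise ValueError("truncated record data")
        frames.append(buf[off:off + incl_len])
        off += incl_len
    return network & 0xFFFF, frames   # low 16 bits hold the link type

def lapd_address(frame):
    """Decode the two-octet Q.921 address field: SAPI, C/R bit, TEI."""
    if len(frame) < 3:     # address (2 octets) + at least one control octet
        raise ValueError("frame too short for LAPD")
    o1, o2 = frame[0], frame[1]
    if (o1 & 1) != 0 or (o2 & 1) != 1:
        raise ValueError("bad EA bits in LAPD address")
    return {"sapi": o1 >> 2, "cr": (o1 >> 1) & 1, "tei": o2 >> 1}

def lapd_summary(buf):
    """Refuse files that are not DLT_LAPD, else decode every frame's address."""
    linktype, frames = read_pcap(buf)
    if linktype != LINKTYPE_LAPD:
        raise ValueError("link type %d is not DLT_LAPD" % linktype)
    return [lapd_address(f) for f in frames]

def make_sample(linktype=LINKTYPE_LAPD):
    """Constructed capture: a SAPI 0 I-frame with Q.931, a TEI-management UI."""
    frames = [bytes.fromhex("0001000008010105"), bytes.fromhex("fcff03")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```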