Wireshark-dev: Re: [Wireshark-dev] Help on understanding Application context in TCAP to be used
Hello,

Wireshark manages only one version of GSM MAP; this version is defined within the ASN files in the gsm map sources.

In the current application, one of the latest GSM MAP ASN definitions is used, and additional messages related to previous versions have been included.

This means that, for a given application context, only one version of the MAP protocol is implemented.

So, you cannot ask to decode a message with 3GPP TS 29.002 :v5.10.0 or 3GPP TS 29.002 :v6.8.0.

For your second question, you can have several pieces of equipment (so different Point Codes) using the same TCAP transaction ID, so if you don't check the PC, you will mix several sessions.

For frame 2, I need to check with the ASN1 definition of the message to know if this is a bad decoding.

Regards
Florent

Hi List, Good Evening.

I have a problem with GSM MAP decoding. So according to the implementation, the MAP release version should be determined dynamically based on application context. I understand it this way: the application context is used if it is received by traffic. If it is received and the call already exists, then we may fall back with a mismatch. My question is: how do I know which version of GSM MAP Wireshark uses internally for a specific message? (Well, need to debug; is there any other way?) There seems to be no version checking except some checking with application context values 1, 2 and 3. Wireshark checks only application_context_version == 3 and in some cases < 3. I'm interested to know whether it is only handled this way or there is some other way out. I know that the following version releases are possible in the case of GSM MAP.

GSM 09.02 Ph 1 :v3.11.0
GSM 09.02 Ph 2 :v4.19.1
3GPP TS 29.002 :v3.12.0
3GPP TS 29.002 :v4.13.0
3GPP TS 29.002 :v5.7.0
3GPP TS 29.002 :v5.10.0
3GPP TS 29.002 :v6.8.0
3GPP TS 29.002 :v6.14.0
3GPP TS 29.002 :v7.8.0

Which version does Wireshark currently support? I see only the following from the sources:

ETSI TS 129 002
ETSI TS 129 002 V7.5.0 (3GPP TS 29.002 V7.5.0 (2006-09) Release 7)
ETSI TS 129 002 V8.4.0 (3GPP TS 29.002 V8.1.0 (2007-06) Release 8)
3GPP TS 24.080

Secondly, I saw from the sources that it is using the MTP3 PC to match a call. I understand it this way: when we have a message, we check for the OID (source/destination). Continue can have both, while Begin has source and Abort/End have destination. So by comparing the previously received message with the recently received message we can find the matching call, but I'm wondering why the MTP3 PC is used.

I have attached a sample trace where frames 1 and 3 belong to the same transaction. Frame 1 is a Begin and frame 3 is an End. The Begin message at frame 1 has source transaction id C746F173, the same as the End message at frame 3 (dest trans id C746F173). Both have application-context-name: 0.4.0.0.1.0.24.2 (mwdMngtContext-v2), so in this case v2 is used. If there had not been any application-context-name with the End message, then it would have used the Begin's application context name. On the other hand, frame 2 gives some decoding error. Is it the case that Wireshark has a bug, or something else?

Any help/pointer on this would really help me to understand the transaction management in TCAP.

Br
tulip
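
The point made in the reply above, that the same TCAP transaction ID can be in use by several nodes at once, shown as an added example that is not part of the thread and not Wireshark's own code. The SessionTable class, the point codes 100/200/300 and the version 3 context value are constructed for illustration; only the transaction ID and the v2 application-context-name come from the trace described in the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TcapMsg:
    kind: str                  # "begin" or "end"
    opc: int                   # MTP3 originating point code
    dpc: int                   # MTP3 destination point code
    tid: str                   # otid on a Begin, dtid on an End
    acn: Optional[str] = None  # application-context-name OID, if present

class SessionTable:
    """Hypothetical tracker; use_point_code=False shows the mixing problem."""
    def __init__(self, use_point_code: bool = True):
        self.use_point_code = use_point_code
        self.sessions = {}

    def _key(self, owner_pc: int, tid: str):
        return (owner_pc, tid) if self.use_point_code else tid

    def feed(self, msg: TcapMsg) -> Optional[str]:
        """Return the application context that applies to msg, or None."""
        if msg.kind == "begin":
            # The sender allocated this transaction ID, so its OPC owns it.
            self.sessions[self._key(msg.opc, msg.tid)] = msg.acn
            return msg.acn
        # An End carries the ID back to its owner, which is now the DPC.
        stored = self.sessions.pop(self._key(msg.dpc, msg.tid), None)
        return msg.acn or stored  # fall back to the Begin's context

def replay(msgs, use_point_code: bool):
    table = SessionTable(use_point_code)
    return [table.feed(m) for m in msgs]

# Constructed sample: two nodes (PC 100 and PC 200) reuse the same ID.
V2 = "0.4.0.0.1.0.24.2"  # mwdMngtContext-v2, as in the trace described above
V3 = "0.4.0.0.1.0.24.3"  # constructed: same context with version 3
TRACE = [
    TcapMsg("begin", opc=100, dpc=300, tid="C746F173", acn=V2),
    TcapMsg("begin", opc=200, dpc=300, tid="C746F173", acn=V3),
    TcapMsg("end", opc=300, dpc=100, tid="C746F173"),  # no ACN on the End
]

if __name__ == "__main__":
    print("keyed on (PC, TID):", replay(TRACE, True)[-1])   # V2
    print("keyed on TID only: ", replay(TRACE, False)[-1])  # V3 (wrong session)
```

Keyed on the transaction ID alone, the second Begin overwrites the first, and the End addressed to PC 100 inherits the other node's application context.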