Wireshark-dev: [Wireshark-dev] Wireshark bug when dissect the MC interface trace
Hi,
When I use the wireshark to dissect the MC interface trace, it regard each IP packet as one message. However, there are several upper layer messages enbedded in the same one IP packet.
Therefore, when I use the following Tshark command to dissect that, it can only generate 1 gsm message:
tshark -r MC_SAMPLE_LOGS -R "gsm_a.dtap_msg_mm_type > 0 or gsm_a.dtap_msg_cc_type > 0 or gsm_a.bssmap_msgtype > 0 or sccp.message_type > 0" -T fields -E header=y -e frame -e frame.time_epoch -e ip.src -e ip.dst -e sccp.slr -e sccp.dlr -e sccp.message_type
-e gsm_a.dtap_msg_mm_type -e gsm_a.dtap_msg_cc_type -e gsm_a.bssmap_msgtype -e gsm_a.imsi > result_MO.txt
As below:
| frame | frame.time_epoch | ip.src | ip.dst | sccp.slr | sccp.dlr | sccp.message_type | gsm_a.dtap_msg_mm_type | gsm_a.dtap_msg_cc_type | gsm_a.bssmap_msgtype | gsm_a.imsi |
| Frame 1: 1170 bytes on wire (9360 bits), 1170 bytes captured (9360 bits) | 1271940351 | 10.37.11.26 | 10.37.19.18 | 0xa80003 | 0x0a16ec | 0x05 | 0x08 | 0x55 | 4.60002E+14 |
The protocol hierarchy is show as below:
The original dump packet is attached as below:
Could anybody help me to repair that?
Thanks!
Best Regards!
Wei Hui
Ericsson (China) Communications Company Ltd. Nanjing Branch
6F No.2 Building Nanjing IC Design Park,
No.89 Shengli Road. Jiangning Economic & Technology Development Zone
Nanjing, P.R.China
Post Code: 211100
Tel: +86 25 87128000
Fax: +86 25 87128001
Mobile: +86 13951612835
E-mail: hui.wei@xxxxxxxxxxxx
Attachment:
packet_MC.dump
Description: packet_MC.dump
- Prev by Date: Re: [Wireshark-dev] wireshark compilation errors in Cygwin.
- Next by Date: Re: [Wireshark-dev] Compile RPM with only tshark
- Previous by thread: Re: [Wireshark-dev] Compile RPM with only tshark
- Next by thread: [Wireshark-dev] where is the best place to do the calculation
- Index(es):