Wireshark-users: [Wireshark-users] stack mms/COTP/CLNP
From: "Angel de Juan" <aldjcurro@xxxxxxxxxxx>
Date: Wed, 09 Aug 2006 07:42:06 +0000
I'm using the latest release (0.99.2) WIN version. The stack that I'm trying
to decode is MMS/PRES/SES/COTP/CLNP/LLC/Ethernet. The messages captured now
can be decoded only up to PRES layer. The hex above PRES does not seem to be
decoded, and the following message is displayed "dissector is not
available".
At preference menu, I don't see anywhere can specify "ASN.1" for mms. Did I
do something wrong or, the current release does not support ANS.1 encoding
for mms. I have seen an example of stack MMS/TCP/IP.
Does anyone know if there is a plug-in can be installed to support this?
Thanks!
Angel
I attached an example capture in order to show the problem I have.
Frame 220 (597 bytes on wire, 597 bytes captured)
Arrival Time: Aug 4, 2006 10:17:09.210874000
Time delta from previous packet: 3.630841000 seconds
Time since reference or first frame: 50.104591000 seconds
Frame Number: 220
Packet Length: 597 bytes
Capture Length: 597 bytes
Frame is marked: False
Protocols in frame: eth:llc:clnp:ses:pres
IEEE 802.3 Ethernet
Destination: CompaqCo_80:0a:6b (00:08:02:80:0a:6b)
Address: CompaqCo_80:0a:6b (00:08:02:80:0a:6b)
.... ...0 .... .... .... .... = Multicast: This is a UNICAST frame
.... ..0. .... .... .... .... = Locally Administrated Address: This
is a FACTORY DEFAULT address
Source: Telemeca_00:0d:06 (00:80:f4:00:0d:06)
Address: Telemeca_00:0d:06 (00:80:f4:00:0d:06)
.... ...0 .... .... .... .... = Multicast: This is a UNICAST frame
.... ..0. .... .... .... .... = Locally Administrated Address: This
is a FACTORY DEFAULT address
Length: 583
Logical-Link Control
DSAP: ISO Network Layer (0xfe)
IG Bit: Individual
SSAP: ISO Network Layer (0xfe)
CR Bit: Command
Control field: U, func=UI (0x03)
000. 00.. = Command: Unnumbered Information (0x00)
.... ..11 = Frame type: Unnumbered frame (0x03)
ISO 8473 CLNP ConnectionLess Network Protocol
Network Layer Protocol Identifier: CLNP (0x81)
HDR Length : 57
Version : 1
Holding Time : 3 (1.5 secs)
PDU Type : 0x9c (S DT)
1... .... = Segmentation permitted
.0.. .... = Last segment
..0. .... = Don't report error if PDU discarded
...1 1100 = Data
PDU length : 580
Checksum : 0x0000
DAL : 20
DA : [47|00:05][80|ff:fd:00|00:00][02:00|00:7e]0400.3001.0000[01]
SAL : 20
SA : [47|00:05][80|ff:fd:00|00:00][02:00|00:7e]0431.2206.0000[01]
Data unit identifier: 018674
Segment offset : 0
Total length : 580
### No Options for this PDU ###
ISO 8073 COTP Connection-Oriented Transport Protocol
Length: 7
PDU Type: DT Data (0x0f)
Destination reference: 0x880a
TPDU number: 0x00006b06
1... .... .... .... .... .... .... .... = Last data unit: Yes
ISO 8327-1 OSI Session Protocol
SPDU Type: Give tokens PDU (1)
Length: 0
ISO 8327-1 OSI Session Protocol
SPDU Type: DATA TRANSFER (DT) SPDU (1)
Length: 0
ISO 8823 OSI Presentation Protocol
user-data: fully-encoded-data (1)
fully-encoded-data: 1 item
Item
presentation-context-identifier: 3
presentation-data-values: single-ASN1-type (0)
dissector is not available
single-ASN1-type:
A38201ECA08201E8A0143012A010800E535F4449475F4D45...
0000 00 08 02 80 0a 6b 00 80 f4 00 0d 06 02 47 fe fe .....k.......G.. 0010 03 81 39 01 03 9c 02 44 00 00 14 47 00 05 80 ff ..9....D...G.... 0020 fd 00 00 00 02 00 00 7e 04 00 30 01 00 00 01 14 .......~..0..... 0030 47 00 05 80 ff fd 00 00 00 02 00 00 7e 04 31 22 G...........~.1" 0040 06 00 00 01 48 f2 00 00 02 44 07 f0 88 0a 80 00 ....H....D...... 0050 6b 06 01 00 01 00 61 82 01 fb 30 82 01 f7 02 01 k.....a...0..... 0060 03 a0 82 01 f0 a3 82 01 ec a0 82 01 e8 a0 14 30 ...............0 0070 12 a0 10 80 0e 53 5f 44 49 47 5f 4d 45 53 53 41 .....S_DIG_MESSA 0080 47 45 53 a0 82 01 ce a2 82 01 ca 86 01 01 86 01 GES............. 0090 1a 8a 1a 33 31 54 4d 5f 32 32 5f 41 47 30 34 20 ...31TM_22_AG04 00a0 20 20 20 20 20 20 20 20 20 20 20 20 20 86 01 0a ... 00b0 86 01 00 86 01 00 86 01 00 a1 81 b7 86 01 00 86 ................ 00c0 01 00 86 01 00 86 02 01 90 86 01 00 86 01 00 86 ................ 00d0 01 00 86 01 00 86 01 00 86 02 01 90 86 01 00 86 ................ 00e0 01 00 86 01 00 86 01 00 86 01 00 86 02 01 90 86 ................ 00f0 01 00 86 01 00 86 01 00 86 01 00 86 01 00 86 01 ................ 0100 00 86 01 00 86 01 00 86 01 00 86 01 00 86 01 00 ................ 0110 86 01 00 86 01 00 86 01 00 86 01 00 86 01 00 86 ................ 0120 01 00 86 01 00 86 01 00 86 01 00 86 01 00 86 01 ................ 0130 00 86 01 00 86 01 00 86 01 00 86 01 00 86 01 00 ................ 0140 86 01 00 86 01 00 86 01 00 86 01 00 86 01 00 86 ................ 0150 01 00 86 01 00 86 01 00 86 01 00 86 01 00 86 01 ................ 0160 00 86 01 00 86 01 00 86 01 00 86 01 00 86 01 00 ................ 0170 86 01 00 a1 3c 86 01 00 86 01 00 86 01 00 86 01 ....<........... 0180 00 86 01 00 86 01 00 86 01 00 86 01 00 86 01 00 ................ 0190 86 01 00 86 01 00 86 01 00 86 01 00 86 01 00 86 ................ 01a0 01 00 86 01 00 86 01 00 86 01 00 86 01 00 86 01 ................ 01b0 00 8a 64 20 20 20 20 20 20 20 20 20 20 20 20 20 ..d 01c0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 01d0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 01e0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 01f0 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0200 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0210 20 20 20 20 20 20 20 a1 3c 86 01 00 86 01 00 86 .<....... 0220 01 00 86 01 00 86 01 00 86 01 00 86 01 00 86 01 ................ 0230 00 86 01 00 86 01 00 86 01 00 86 01 00 86 01 00 ................ 0240 86 01 00 86 01 00 86 01 00 86 01 00 86 01 00 86 ................ 0250 01 00 86 01 00 ..... _________________________________________________________________Grandes éxitos, superhéroes, imitaciones, cine y TV... http://es.msn.kiwee.com/ Lo mejor para tu móvil.
- Follow-Ups:
- Re: [Wireshark-users] stack mms/COTP/CLNP
- From: Anders Broman
- Re: [Wireshark-users] stack mms/COTP/CLNP
- Prev by Date: Re: [Wireshark-users] How do I sniff GSM and GPRS -SMS traffic ?
- Next by Date: Re: [Wireshark-users] stack mms/COTP/CLNP
- Previous by thread: Re: [Wireshark-users] How do I sniff GSM and GPRS -SMS traffic ?
- Next by thread: Re: [Wireshark-users] stack mms/COTP/CLNP
- Index(es):