Wireshark · Wireshark-users: [Wireshark-users] Tshark display filter for camel

["Joyce" <joyce.xie@xxxxxxxxxxxxxxxxxx>]

Hi all,

I'm trying to use tshark display filter "-R" to show camel part of my pcap file (sybsystem number is 146). Although it can be done by modify the camel "TCAP SSNs" range in wireshark, I could not find a way to modify the range of SSN in tshark.

the command I tried is like following:

tshark -V -R ",camel," -r inputfile.pcap

or  tshark -V -R ",sccp.ssn > 6 " -r inputfile.pcap

 

I have searched in wireshark website, and in http://wiki.wireshark.org/CAMEL

it said "The ssn used to dissect CAMEL is configurable." however where to configure it?

 

below is what I get from tshark, the camel part is not readable. 

=========================================================================

Signalling Connection Control Part
    Message Type: Unitdata (0x09)
    .... 0000 = Class: 0x00
    0000 .... = Message handling: No special options (0x00)
    Pointer to first Mandatory Variable parameter: 3
...skipping...
        .... .... .... .... ..00 1111 1010 0000 = DPC: 4000
        .... 0000 0001 1001 11.. .... .... .... = OPC: 103
        1101 .... .... .... .... .... .... .... = Signalling Link Selector: 13
Signalling Connection Control Part
    Message Type: Unitdata (0x09)
    .... 0000 = Class: 0x00
    0000 .... = Message handling: No special options (0x00)
    Pointer to first Mandatory Variable parameter: 3
    Pointer to second Mandatory Variable parameter: 15
    Pointer to third Mandatory Variable parameter: 27
    Called Party address (12 bytes)
        Address Indicator
            .0.. .... = Routing Indicator: Route on GT (0x00)
            ..01 00.. = Global Title Indicator: Translation Type, Numbering Plan, Encoding Scheme, and Nature of
Address Indicator included (0x04)
            .... ..1. = SubSystem Number Indicator: SSN present (0x01)
            .... ...1 = Point Code Indicator: Point Code present (0x01)
        ..00 1111 1010 0000 = PC: 4000
        SubSystem Number: CAP (146)
        Global Title 0x4 (8 bytes)
            Translation Type: 0x00
            0111 .... = Numbering Plan: ISDN/mobile (0x07)
            .... 0010 = Encoding Scheme: BCD, even number of digits (0x02)
            .000 0100 = Nature of Address Indicator: International number (0x04)
            Address information (digits): 6592771015
    Calling Party address (12 bytes)
        Address Indicator
            .0.. .... = Routing Indicator: Route on GT (0x00)
            ..01 00.. = Global Title Indicator: Translation Type, Numbering Plan, Encoding Scheme, and Nature of
Address Indicator included (0x04)
            .... ..1. = SubSystem Number Indicator: SSN present (0x01)
            .... ...1 = Point Code Indicator: Point Code present (0x01)
        ..00 0111 1101 0000 = PC: 2000
        SubSystem Number: SSN not known/not used (0)
        Global Title 0x4 (8 bytes)
            Translation Type: 0x00
            0111 .... = Numbering Plan: ISDN/mobile (0x07)
            .... 0010 = Encoding Scheme: BCD, even number of digits (0x02)
            .000 0100 = Nature of Address Indicator: International number (0x04)
            Address information (digits): 6593524066
Data (81 bytes)

 

0000  62 4f 48 04 18 22 00 01 6b 1e 28 1c 06 07 00 11   bOH.."..k.(.....
0010  86 05 01 01 01 a0 11 60 0f 80 02 07 80 a1 09 06   .......`........
0020  07 04 00 00 01 00 32 01 6c 27 a1 25 02 01 01 02   ......2.l'.%....
0030  01 00 30 1d 80 01 7b 82 07 04 40 56 59 77 01 51   ..0...{...@VYw.Q
0040  83 07 04 40 56 69 25 04 66 9f 32 05 78 00 00 00   ...@Vi%.f.2.x...
0050  00                                                .
===============================================================================================

 

Thanks to share with me your thought!

 

 

Joyce