Wireshark-users: Re: [Wireshark-users] Fw: I am not decode the Nbap and sscopmessages.
From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Mon, 6 Aug 2007 18:12:54 +0200
Hi, Are the protocols in the trace: IP UDP SSCOP NBAP? Would DissectorTable.get("udp.port"):add(9013, Dissector.get("sscop")); Work? Can you send a binary trace file (.pcap)? Regards Anders -----Ursprungligt meddelande----- Från: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] För vaibhav.agarwal@xxxxxxxxxxx Skickat: den 6 augusti 2007 20:41 Till: Luis EG Ontanon Kopia: Community support list for Wireshark Ämne: Re: [Wireshark-users] Fw: I am not decode the Nbap and sscopmessages. Hi Luis, Thanks!! Now, Nbap is working. Nbap messages decode by wireshark. But now one problem comes Below Nbap Layer sscop layer exist, Now wireshark consider each and every message as a NBAP message. That's why wireshark consider sscop message as a nbap message and gives error. please help how to configure sscop layer also on same port. Type: IP (0x0800) Trailer: 00000000000000000000 Internet Protocol, Src: 192.168.255.143 (192.168.255.143), Dst: 192.168.255.16 (192.168.255.16) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 36 Identification: 0xf625 (63013) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (0x11) Header checksum: 0x04b2 [correct] [Good: True] [Bad : False] Source: 192.168.255.143 (192.168.255.143) Destination: 192.168.255.16 (192.168.255.16) User Datagram Protocol, Src Port: 9013 (9013), Dst Port: 9013 (9013) Source port: 9013 (9013) Destination port: 9013 (9013) Length: 16 Checksum: 0x377b [correct] [Good Checksum: True] [Bad Checksum: False] UTRAN Iub interface NBAP signalling NBAP-PDU: initiatingMessage (0) initiatingMessage procedureID procedureCode: id-audit (0) ddMode: tdd (0) criticality: reject (0) messageDiscriminator: common (0) transactionID: shortTransActionId (0) shortTransActionId: 10 initiatingMessageValue id-audit protocolIEs: 205 items Item 0 Item [Malformed Packet: NBAP] Thanks & Regards, Vaibhav "Luis EG Ontanon" <luis.ontanon@gma il.com> To Vaibhav Agarwal/NokiaDDF@NOKIADDF 08/06/2007 05:15 cc PM Subject Re: Fw: [Wireshark-users] I am not decode the Nbap and sscop messages. So that's NBAP running atop UDP... which we do not have it registered for. can you edit the file init.lua and add the following line at the very beggining: DissectorTable.get("udp.port"):add(9013, Dissector.get("nbap")); then try to open the file again. Luis On 06-Aug-2007 17:00:21 ZE5B, vaibhav.agarwal@xxxxxxxxxxx <vaibhav.agarwal@xxxxxxxxxxx> wrote: > > > > > > > > Hi, > > I am using .pcap file. > > This packet contain the Nbap message but Wireshark does not decode this > message (I Enable all the protocols through "Enables protocols" option). > > Please tell me the reason. > > No. Time Source Destination Protocol > Info > 166785 83.426705 192.168.255.16 192.168.255.143 UDP > Source port: 9013 Destination port: 9013 > > Frame 166785 (78 bytes on wire, 78 bytes captured) > Arrival Time: Aug 6, 2007 11:44:58.239002000 > [Time delta from previous packet: 0.032667000 seconds] > [Time since reference or first frame: 83.426705000 seconds] > Frame Number: 166785 > Packet Length: 78 bytes > Capture Length: 78 bytes > [Frame is marked: True] > [Protocols in frame: eth:ip:udp:data] > Ethernet II, Src: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52), Dst: > Intel_c3:4b:b0 (00:0e:0c:c3:4b:b0) > Destination: Intel_c3:4b:b0 (00:0e:0c:c3:4b:b0) > Address: Intel_c3:4b:b0 (00:0e:0c:c3:4b:b0) > .... ...0 .... .... .... .... = IG bit: Individual address > (unicast) > .... ..0. .... .... .... .... = LG bit: Globally unique address > (factory default) > Source: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52) > Address: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52) > .... ...0 .... .... .... .... = IG bit: Individual address > (unicast) > .... ..0. .... .... .... .... = LG bit: Globally unique address > (factory default) > Type: IP (0x0800) > Internet Protocol, Src: 192.168.255.16 (192.168.255.16), Dst: > 192.168.255.143 (192.168.255.143) > Version: 4 > Header length: 20 bytes > Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) > 0000 00.. = Differentiated Services Codepoint: Default (0x00) > .... ..0. = ECN-Capable Transport (ECT): 0 > .... ...0 = ECN-CE: 0 > Total Length: 64 > Identification: 0x0000 (0) > Flags: 0x04 (Don't Fragment) > 0... = Reserved bit: Not set > .1.. = Don't fragment: Set > ..0. = More fragments: Not set > Fragment offset: 0 > Time to live: 64 > Protocol: UDP (0x11) > Header checksum: 0xbabb [correct] > [Good: True] > [Bad : False] > Source: 192.168.255.16 (192.168.255.16) > Destination: 192.168.255.143 (192.168.255.143) > User Datagram Protocol, Src Port: 9013 (9013), Dst Port: 9013 (9013) > Source port: 9013 (9013) > Destination port: 9013 (9013) > Length: 44 > Checksum: 0xcd18 [correct] > [Good Checksum: True] > [Bad Checksum: False] > Data (36 bytes) > > 0000 00 24 4a 00 01 17 00 00 00 00 02 58 40 0f 10 00 .$J........X@... > 0010 01 40 00 0a 00 00 64 14 08 01 19 02 80 00 00 00 .@....d......... > 0020 c8 00 00 1c > > > > Thanks & Regards, > Vaibhav > > > > "Luis EG Ontanon" > <luis.ontanon@gma > il.com> To > Sent by: "Community support list for > wireshark-users-b Wireshark" > ounces@wireshark. <wireshark-users@xxxxxxxxxxxxx> > org cc > > Subject > 08/06/2007 04:35 Re: [Wireshark-users] I am not > PM decode the Nbap and sscop messages. > > > Please respond to > Community support > list for > Wireshark > <wireshark-users@ > wireshark.org> > > > > > > > Which kind of file are you using? > > On 06-Aug-2007 16:25:13 ZE5B, vaibhav.agarwal@xxxxxxxxxxx > <vaibhav.agarwal@xxxxxxxxxxx> wrote: > > > > > > > > > > > > Hi, > > > > I am using wireshark version 0.99.5, > > But I donot decode sscop and Nbap layer messages. > > > > please tell what is the procedure how to decode these layer messages. > > > > > > Thanks & Regards, > > Vaibhav > > > > *********************** Aricent-Unclassified *********************** > > > > "DISCLAIMER: This message is proprietary to Aricent and is intended > solely > > for the use of > > the individual to whom it is addressed. It may contain privileged or > > confidential information and should not be > > circulated or used for any purpose other than for what it is intended. If > > you have received this message in error, > > please notify the originator immediately. If you are not the intended > > recipient, you are notified that you are strictly > > prohibited from using, copying, altering, or disclosing the contents of > > this message. Aricent accepts no responsibility for > > loss or damage arising from the use of the information transmitted by > this > > email including damage from virus." > > > > > > > > _______________________________________________ > > Wireshark-users mailing list > > Wireshark-users@xxxxxxxxxxxxx > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > > > -- > This information is top security. When you have read it, destroy yourself. > -- Marshall McLuhan > > Propertarianism joined to capitalist vigor destroyed meaningful > commercial competition, but when it came to making good software, > anarchism won. > -- Eben Moglen > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > > *********************** Aricent-Unclassified *********************** > > *********************** Aricent-Unclassified *********************** > > "DISCLAIMER: This message is proprietary to Aricent and is intended solely > for the use of > the individual to whom it is addressed. It may contain privileged or > confidential information and should not be > circulated or used for any purpose other than for what it is intended. If > you have received this message in error, > please notify the originator immediately. If you are not the intended > recipient, you are notified that you are strictly > prohibited from using, copying, altering, or disclosing the contents of > this message. Aricent accepts no responsibility for > loss or damage arising from the use of the information transmitted by this > email including damage from virus." > > > > -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan Propertarianism joined to capitalist vigor destroyed meaningful commercial competition, but when it came to making good software, anarchism won. -- Eben Moglen *********************** Aricent-Unclassified *********************** "DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus." _______________________________________________ Wireshark-users mailing list Wireshark-users@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-users
- References:
- Re: [Wireshark-users] Fw: I am not decode the Nbap and sscop messages.
- From: vaibhav . agarwal
- Re: [Wireshark-users] Fw: I am not decode the Nbap and sscop messages.
- Prev by Date: Re: [Wireshark-users] Fw: I am not decode the Nbap and sscop messages.
- Next by Date: Re: [Wireshark-users] Fw: I am not decode the Nbap and sscop messages.
- Previous by thread: Re: [Wireshark-users] Fw: I am not decode the Nbap and sscop messages.
- Next by thread: Re: [Wireshark-users] Fw: I am not decode the Nbap and sscop messages.
- Index(es):