Wireshark-users: Re: [Wireshark-users] Fw: I am not decode the Nbap and sscopmessages.
From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Mon, 6 Aug 2007 18:12:54 +0200
Hi,
Are the protocols in the trace:
IP
UDP
SSCOP
NBAP?

Would DissectorTable.get("udp.port"):add(9013, Dissector.get("sscop"));
Work?

Can you send a binary trace file (.pcap)?
Regards
Anders

-----Ursprungligt meddelande-----
Från: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] För
vaibhav.agarwal@xxxxxxxxxxx
Skickat: den 6 augusti 2007 20:41
Till: Luis EG Ontanon
Kopia: Community support list for Wireshark
Ämne: Re: [Wireshark-users] Fw: I am not decode the Nbap and sscopmessages.






Hi Luis,
Thanks!!
Now, Nbap is working. Nbap messages decode by wireshark.

But now one problem comes Below Nbap Layer sscop layer exist, Now wireshark
consider each and every message  as a NBAP message.
That's why wireshark consider sscop message as a nbap message and gives
error.

please help how to configure sscop layer also on same port.

    Type: IP (0x0800)
    Trailer: 00000000000000000000
Internet Protocol, Src: 192.168.255.143 (192.168.255.143), Dst:
192.168.255.16 (192.168.255.16)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 36
    Identification: 0xf625 (63013)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0x04b2 [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.255.143 (192.168.255.143)
    Destination: 192.168.255.16 (192.168.255.16)
User Datagram Protocol, Src Port: 9013 (9013), Dst Port: 9013 (9013)
    Source port: 9013 (9013)
    Destination port: 9013 (9013)
    Length: 16
    Checksum: 0x377b [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
UTRAN Iub interface NBAP signalling
    NBAP-PDU: initiatingMessage (0)
        initiatingMessage
            procedureID
                procedureCode: id-audit (0)
                ddMode: tdd (0)
            criticality: reject (0)
            messageDiscriminator: common (0)
            transactionID: shortTransActionId (0)
                shortTransActionId: 10
            initiatingMessageValue
                id-audit
                    protocolIEs: 205 items
                        Item 0
                            Item
[Malformed Packet: NBAP]



Thanks & Regards,
Vaibhav


                                                                           
             "Luis EG Ontanon"                                             
             <luis.ontanon@gma                                             
             il.com>                                                    To 
                                       Vaibhav Agarwal/NokiaDDF@NOKIADDF   
             08/06/2007 05:15                                           cc 
             PM                                                            
                                                                   Subject 
                                       Re: Fw: [Wireshark-users] I am not  
                                       decode the Nbap and sscop           
                                       messages.                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




So that's NBAP running atop UDP...
which we do not have it registered for.
can you edit the file init.lua
and add the following line at the very beggining:

DissectorTable.get("udp.port"):add(9013, Dissector.get("nbap"));


then try to open the file again.

Luis

On 06-Aug-2007 17:00:21 ZE5B, vaibhav.agarwal@xxxxxxxxxxx
<vaibhav.agarwal@xxxxxxxxxxx> wrote:
>
>
>
>
>
>
>
> Hi,
>
> I am using .pcap file.
>
> This packet contain the Nbap message but Wireshark does not decode this
> message (I Enable all the protocols through "Enables protocols" option).
>
> Please tell me the reason.
>
> No.     Time        Source                Destination           Protocol
> Info
>  166785 83.426705   192.168.255.16        192.168.255.143       UDP
> Source port: 9013  Destination port: 9013
>
> Frame 166785 (78 bytes on wire, 78 bytes captured)
>     Arrival Time: Aug  6, 2007 11:44:58.239002000
>     [Time delta from previous packet: 0.032667000 seconds]
>     [Time since reference or first frame: 83.426705000 seconds]
>     Frame Number: 166785
>     Packet Length: 78 bytes
>     Capture Length: 78 bytes
>     [Frame is marked: True]
>     [Protocols in frame: eth:ip:udp:data]
> Ethernet II, Src: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52), Dst:
> Intel_c3:4b:b0 (00:0e:0c:c3:4b:b0)
>     Destination: Intel_c3:4b:b0 (00:0e:0c:c3:4b:b0)
>         Address: Intel_c3:4b:b0 (00:0e:0c:c3:4b:b0)
>         .... ...0 .... .... .... .... = IG bit: Individual address
> (unicast)
>         .... ..0. .... .... .... .... = LG bit: Globally unique address
> (factory default)
>     Source: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52)
>         Address: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52)
>         .... ...0 .... .... .... .... = IG bit: Individual address
> (unicast)
>         .... ..0. .... .... .... .... = LG bit: Globally unique address
> (factory default)
>     Type: IP (0x0800)
> Internet Protocol, Src: 192.168.255.16 (192.168.255.16), Dst:
> 192.168.255.143 (192.168.255.143)
>     Version: 4
>     Header length: 20 bytes
>     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
>         0000 00.. = Differentiated Services Codepoint: Default (0x00)
>         .... ..0. = ECN-Capable Transport (ECT): 0
>         .... ...0 = ECN-CE: 0
>     Total Length: 64
>     Identification: 0x0000 (0)
>     Flags: 0x04 (Don't Fragment)
>         0... = Reserved bit: Not set
>         .1.. = Don't fragment: Set
>         ..0. = More fragments: Not set
>     Fragment offset: 0
>     Time to live: 64
>     Protocol: UDP (0x11)
>     Header checksum: 0xbabb [correct]
>         [Good: True]
>         [Bad : False]
>     Source: 192.168.255.16 (192.168.255.16)
>     Destination: 192.168.255.143 (192.168.255.143)
> User Datagram Protocol, Src Port: 9013 (9013), Dst Port: 9013 (9013)
>     Source port: 9013 (9013)
>     Destination port: 9013 (9013)
>     Length: 44
>     Checksum: 0xcd18 [correct]
>         [Good Checksum: True]
>         [Bad Checksum: False]
> Data (36 bytes)
>
> 0000  00 24 4a 00 01 17 00 00 00 00 02 58 40 0f 10 00   .$J........X@...
> 0010  01 40 00 0a 00 00 64 14 08 01 19 02 80 00 00 00   .@....d.........
> 0020  c8 00 00 1c
>
>
>
> Thanks & Regards,
> Vaibhav
>
>
>
>              "Luis EG Ontanon"
>              <luis.ontanon@gma
>              il.com>
To
>              Sent by:                  "Community support list for
>              wireshark-users-b         Wireshark"
>              ounces@wireshark.         <wireshark-users@xxxxxxxxxxxxx>
>              org
cc
>
>
Subject
>              08/06/2007 04:35          Re: [Wireshark-users] I am not
>              PM                        decode the Nbap and sscop
messages.
>
>
>              Please respond to
>              Community support
>                  list for
>                  Wireshark
>              <wireshark-users@
>               wireshark.org>
>
>
>
>
>
>
> Which kind of file are you using?
>
> On 06-Aug-2007 16:25:13 ZE5B, vaibhav.agarwal@xxxxxxxxxxx
> <vaibhav.agarwal@xxxxxxxxxxx> wrote:
> >
> >
> >
> >
> >
> > Hi,
> >
> > I am using wireshark version 0.99.5,
> > But I donot decode sscop and Nbap layer messages.
> >
> > please tell what is the procedure how to decode these layer messages.
> >
> >
> > Thanks & Regards,
> > Vaibhav
> >
> > ***********************  Aricent-Unclassified   ***********************
> >
> > "DISCLAIMER: This message is proprietary to Aricent  and is intended
> solely
> > for the use of
> > the individual to whom it is addressed. It may contain privileged or
> > confidential information and should not be
> > circulated or used for any purpose other than for what it is intended.
If
> > you have received this message in error,
> > please notify the originator immediately. If you are not the intended
> > recipient, you are notified that you are strictly
> > prohibited from using, copying, altering, or disclosing the contents of
> > this message. Aricent accepts no responsibility for
> > loss or damage arising from the use of the information transmitted by
> this
> > email including damage from virus."
> >
> >
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-users
> >
>
>
> --
> This information is top security. When you have read it, destroy
yourself.
> -- Marshall McLuhan
>
> Propertarianism joined to capitalist vigor destroyed meaningful
> commercial competition, but when it came to making good software,
> anarchism won.
> -- Eben Moglen
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
>
> ***********************  Aricent-Unclassified   ***********************
>
> ***********************  Aricent-Unclassified   ***********************
>
> "DISCLAIMER: This message is proprietary to Aricent  and is intended
solely
> for the use of
> the individual to whom it is addressed. It may contain privileged or
> confidential information and should not be
> circulated or used for any purpose other than for what it is intended. If
> you have received this message in error,
> please notify the originator immediately. If you are not the intended
> recipient, you are notified that you are strictly
> prohibited from using, copying, altering, or disclosing the contents of
> this message. Aricent accepts no responsibility for
> loss or damage arising from the use of the information transmitted by
this
> email including damage from virus."
>
>
>
>


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Propertarianism joined to capitalist vigor destroyed meaningful
commercial competition, but when it came to making good software,
anarchism won.
-- Eben Moglen




***********************  Aricent-Unclassified   ***********************

"DISCLAIMER: This message is proprietary to Aricent  and is intended solely
for the use of
the individual to whom it is addressed. It may contain privileged or
confidential information and should not be
circulated or used for any purpose other than for what it is intended. If
you have received this message in error,
please notify the originator immediately. If you are not the intended
recipient, you are notified that you are strictly
prohibited from using, copying, altering, or disclosing the contents of
this message. Aricent accepts no responsibility for
loss or damage arising from the use of the information transmitted by this
email including damage from virus."


_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users