Wireshark-users: Re: [Wireshark-users] Fw: I am not decode the Nbap andsscopmessages.
Date: 07-Aug-2007 16:44:48 ZE5B




Hi Anders,

No, RRC is not directly on UDP.
The stack is like this: UDP -> FP -> MAC -> RLC -> RRC (the only difference
is that this FP is over UDP, not on ATM).

I have pasted a sample log:

No.     Time        Source                Destination           Protocol Info
    143 3.986025    192.168.255.16        192.168.255.142       UDP      Source port: 5004  Destination port: 9010

Frame 143 (68 bytes on wire, 68 bytes captured)
    Arrival Time: Aug  7, 2007 10:50:49.035925000
    [Time delta from previous captured frame: 0.028714000 seconds]
    [Time delta from previous displayed frame: 0.241219000 seconds]
    [Time since reference or first frame: 3.986025000 seconds]
    Frame Number: 143
    Frame Length: 68 bytes
    Capture Length: 68 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:data]
Ethernet II, Src: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52), Dst: 00:dd:1f:c0:01:ee (00:dd:1f:c0:01:ee)
    Destination: 00:dd:1f:c0:01:ee (00:dd:1f:c0:01:ee)
        Address: 00:dd:1f:c0:01:ee (00:dd:1f:c0:01:ee)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52)
        Address: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.255.16 (192.168.255.16), Dst: 192.168.255.142 (192.168.255.142)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 54
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0xbac6 [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.255.16 (192.168.255.16)
    Destination: 192.168.255.142 (192.168.255.142)
User Datagram Protocol, Src Port: 5004 (5004), Dst Port: 9010 (9010)
    Source port: 5004 (5004)
    Destination port: 9010 (9010)
    Length: 34
    Checksum: 0x0f3c [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Data (26 bytes)

0000  20 78 01 18 00 04 a8 80 2a f2 01 97 54 66 cc e7    x......*...Tf..
0010  e6 2e 67 22 aa c0 00 00 29 c1                     ..g"....).


Thanks & Regards,
Vaibhav


"Anders Broman" <a.broman@telia.com>
Sent by: wireshark-users-bounces@wireshark.org
08/07/2007 01:15 PM
To: "'Community support list for Wireshark'" <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Fw: I am not decode the Nbap andsscopmessages.
Please respond to: Community support list for Wireshark <wireshark-users@wireshark.org>

Hi,
Currently not, but given a small sample file it shouldn't be too much work to
add it. Is it RRC directly on UDP or some other protocol in between?
Regards
Anders

-----Original message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On behalf of
vaibhav.agarwal@xxxxxxxxxxx
Sent: 7 August 2007 14:59
To: Luis EG Ontanon
Cc: Community support list for Wireshark
Subject: Re: [Wireshark-users] Fw: I am not decode the Nbap and sscopmessages.

Hi,
Thanks
After downloading Wireshark 0.99.6a, it now decodes SSCOP with NBAP
over UDP.

I have one more query: is there any support for RRC over UDP?


Thanks & Regards,
Vaibhav


"Luis EG Ontanon" <luis.ontanon@gmail.com>
08/06/2007 07:09 PM
To: Vaibhav Agarwal/NokiaDDF@NOKIADDF
Subject: Re: Fw: [Wireshark-users] I am not decode the Nbap and sscop messages.

Well, I was taking a look at the preferences of SSCOP and I discovered
that Wireshark is already enabled to decode SSCOP with NBAP over UDP.

If the preferences for SSCOP in 0.99.5 do not have a "UDP port range",
download 0.99.6 because it does have it already.

(BTW: remove that line from init.lua or else it won't work)
Luis

On 06-Aug-2007 18:40:42 ZE5B, vaibhav.agarwal@xxxxxxxxxxx
<vaibhav.agarwal@xxxxxxxxxxx> wrote:
>
> Hi Luis,
> Thanks!!
> Now NBAP is working. NBAP messages are decoded by Wireshark.
>
> But now one problem comes up: below the NBAP layer an SSCOP layer exists, and now
> Wireshark considers each and every message as an NBAP message.
> That's why Wireshark considers an SSCOP message as an NBAP message and gives
> an error.
>
> Please help with how to configure the SSCOP layer also on the same port.
>
>     Type: IP (0x0800)
>     Trailer: 00000000000000000000
> Internet Protocol, Src: 192.168.255.143 (192.168.255.143), Dst:
> 192.168.255.16 (192.168.255.16)
>     Version: 4
>     Header length: 20 bytes
>     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
>         0000 00.. = Differentiated Services Codepoint: Default (0x00)
>         .... ..0. = ECN-Capable Transport (ECT): 0
>         .... ...0 = ECN-CE: 0
>     Total Length: 36
>     Identification: 0xf625 (63013)
>     Flags: 0x00
>         0... = Reserved bit: Not set
>         .0.. = Don't fragment: Not set
>         ..0. = More fragments: Not set
>     Fragment offset: 0
>     Time to live: 64
>     Protocol: UDP (0x11)
>     Header checksum: 0x04b2 [correct]
>         [Good: True]
>         [Bad : False]
>     Source: 192.168.255.143 (192.168.255.143)
>     Destination: 192.168.255.16 (192.168.255.16)
> User Datagram Protocol, Src Port: 9013 (9013), Dst Port: 9013 (9013)
>     Source port: 9013 (9013)
>     Destination port: 9013 (9013)
>     Length: 16
>     Checksum: 0x377b [correct]
>         [Good Checksum: True]
>         [Bad Checksum: False]
> UTRAN Iub interface NBAP signalling
>     NBAP-PDU: initiatingMessage (0)
>         initiatingMessage
>             procedureID
>                 procedureCode: id-audit (0)
>                 ddMode: tdd (0)
>             criticality: reject (0)
>             messageDiscriminator: common (0)
>             transactionID: shortTransActionId (0)
>                 shortTransActionId: 10
>             initiatingMessageValue
>                 id-audit
>                     protocolIEs: 205 items
>                         Item 0
>                             Item
> [Malformed Packet: NBAP]
>
>
>
> Thanks & Regards,
> Vaibhav
>
>
>
> "Luis EG Ontanon" <luis.ontanon@gmail.com>
> 08/06/2007 05:15 PM
> To: Vaibhav Agarwal/NokiaDDF@NOKIADDF
> Subject: Re: Fw: [Wireshark-users] I am not decode the Nbap and sscop messages.
>
> So that's NBAP running atop UDP...
> which we do not have it registered for.
> Can you edit the file init.lua
> and add the following line at the very beginning:
>
> DissectorTable.get("udp.port"):add(9013, Dissector.get("nbap"));
>
>
> then try to open the file again.
>
> Luis
>
> On 06-Aug-2007 17:00:21 ZE5B, vaibhav.agarwal@xxxxxxxxxxx
> <vaibhav.agarwal@xxxxxxxxxxx> wrote:
> >
> > Hi,
> >
> > I am using a .pcap file.
> >
> > This packet contains the NBAP message, but Wireshark does not decode this
> > message (I enabled all the protocols through the "Enables protocols" option).
> >
> > Please tell me the reason.
> >
> > No.     Time        Source                Destination           Protocol Info
> >  166785 83.426705   192.168.255.16        192.168.255.143       UDP      Source port: 9013  Destination port: 9013
> >
> > Frame 166785 (78 bytes on wire, 78 bytes captured)
> >     Arrival Time: Aug  6, 2007 11:44:58.239002000
> >     [Time delta from previous packet: 0.032667000 seconds]
> >     [Time since reference or first frame: 83.426705000 seconds]
> >     Frame Number: 166785
> >     Packet Length: 78 bytes
> >     Capture Length: 78 bytes
> >     [Frame is marked: True]
> >     [Protocols in frame: eth:ip:udp:data]
> > Ethernet II, Src: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52), Dst: Intel_c3:4b:b0 (00:0e:0c:c3:4b:b0)
> >     Destination: Intel_c3:4b:b0 (00:0e:0c:c3:4b:b0)
> >         Address: Intel_c3:4b:b0 (00:0e:0c:c3:4b:b0)
> >         .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
> >         .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
> >     Source: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52)
> >         Address: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52)
> >         .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
> >         .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
> >     Type: IP (0x0800)
> > Internet Protocol, Src: 192.168.255.16 (192.168.255.16), Dst: 192.168.255.143 (192.168.255.143)
> >     Version: 4
> >     Header length: 20 bytes
> >     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
> >         0000 00.. = Differentiated Services Codepoint: Default (0x00)
> >         .... ..0. = ECN-Capable Transport (ECT): 0
> >         .... ...0 = ECN-CE: 0
> >     Total Length: 64
> >     Identification: 0x0000 (0)
> >     Flags: 0x04 (Don't Fragment)
> >         0... = Reserved bit: Not set
> >         .1.. = Don't fragment: Set
> >         ..0. = More fragments: Not set
> >     Fragment offset: 0
> >     Time to live: 64
> >     Protocol: UDP (0x11)
> >     Header checksum: 0xbabb [correct]
> >         [Good: True]
> >         [Bad : False]
> >     Source: 192.168.255.16 (192.168.255.16)
> >     Destination: 192.168.255.143 (192.168.255.143)
> > User Datagram Protocol, Src Port: 9013 (9013), Dst Port: 9013 (9013)
> >     Source port: 9013 (9013)
> >     Destination port: 9013 (9013)
> >     Length: 44
> >     Checksum: 0xcd18 [correct]
> >         [Good Checksum: True]
> >         [Bad Checksum: False]
> > Data (36 bytes)
> >
> > 0000  00 24 4a 00 01 17 00 00 00 00 02 58 40 0f 10 00  .$J........X@...
> > 0010  01 40 00 0a 00 00 64 14 08 01 19 02 80 00 00 00  .@....d.........
> > 0020  c8 00 00 1c
> >
> >
> >
> > Thanks & Regards,
> > Vaibhav
> >
> >
> >
> > "Luis EG Ontanon" <luis.ontanon@gmail.com>
> > Sent by: wireshark-users-bounces@wireshark.org
> > 08/06/2007 04:35 PM
> > To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] I am not decode the Nbap and sscop messages.
> > Please respond to: Community support list for Wireshark <wireshark-users@wireshark.org>
> >
> > Which kind of file are you using?
> >
> > On 06-Aug-2007 16:25:13 ZE5B, vaibhav.agarwal@xxxxxxxxxxx
> > <vaibhav.agarwal@xxxxxxxxxxx> wrote:
> > >
> > > Hi,
> > >
> > > I am using Wireshark version 0.99.5,
> > > but I cannot decode SSCOP and NBAP layer messages.
> > >
> > > Please tell me the procedure to decode these layer messages.
> > >
> > >
> > > Thanks & Regards,
> > > Vaibhav
> > >
> > > ***********************  Aricent-Unclassified  ***********************
> > >
> > > "DISCLAIMER: This message is proprietary to Aricent and is intended solely
> > > for the use of the individual to whom it is addressed. It may contain
> > > privileged or confidential information and should not be circulated or used
> > > for any purpose other than for what it is intended. If you have received this
> > > message in error, please notify the originator immediately. If you are not the
> > > intended recipient, you are notified that you are strictly prohibited from
> > > using, copying, altering, or disclosing the contents of this message. Aricent
> > > accepts no responsibility for loss or damage arising from the use of the
> > > information transmitted by this email including damage from virus."
> > >
> > >
> > >
> > > _______________________________________________
> > > Wireshark-users mailing list
> > > Wireshark-users@xxxxxxxxxxxxx
> > > http://www.wireshark.org/mailman/listinfo/wireshark-users
> > >
> >
> >
> > --
> > This information is top security. When you have read it, destroy yourself.
> > -- Marshall McLuhan
> >
> > Propertarianism joined to capitalist vigor destroyed meaningful
> > commercial competition, but when it came to making good software,
> > anarchism won.
> > -- Eben Moglen
>
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
>
> Propertarianism joined to capitalist vigor destroyed meaningful
> commercial competition, but when it came to making good software,
> anarchism won.
> -- Eben Moglen
>


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Propertarianism joined to capitalist vigor destroyed meaningful
commercial competition, but when it came to making good software,
anarchism won.
-- Eben Moglen
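
The symptom quoted above (everything on UDP port 9013 handed to the NBAP dissector, ending in [Malformed Packet: NBAP]) follows from SSCOP keeping its PDU type in a 4-octet trailer at the end of the payload. As an added example, not part of the original thread and not Wireshark code, this Python classifies a UDP payload by that trailer per ITU-T Q.2110, using the frame 166785 and frame 143 hex dumps from this thread plus one constructed POLL PDU; all function and variable names are assumptions.

```python
# Added example (not Wireshark source). SSCOP, ITU-T Q.2110, carries its PDU
# type in a 4-octet trailer, so the type is read from the END of the payload.
SSCOP_TYPES = {
    0x1: "BGN", 0x2: "BGAK", 0x3: "END", 0x4: "ENDAK", 0x5: "RS",
    0x6: "RSAK", 0x7: "BGREJ", 0x8: "SD", 0x9: "ER", 0xA: "POLL",
    0xB: "STAT", 0xC: "USTAT", 0xD: "UD", 0xE: "MD", 0xF: "ERAK",
}
# PDU types whose information field is user data for the layer above.
CARRIES_UPPER_LAYER = {"SD", "UD"}

# UDP payload of frame 166785 (port 9013), copied from the hex dump in this thread.
FRAME_166785 = bytes.fromhex(
    "00 24 4a 00 01 17 00 00 00 00 02 58 40 0f 10 00 "
    "01 40 00 0a 00 00 64 14 08 01 19 02 80 00 00 00 "
    "c8 00 00 1c"
)
# UDP payload of frame 143 (port 9010, FP over UDP), also from this thread.
FRAME_143 = bytes.fromhex(
    "20 78 01 18 00 04 a8 80 2a f2 01 97 54 66 cc e7 "
    "e6 2e 67 22 aa c0 00 00 29 c1"
)
# Constructed sample, not from the thread: an 8-octet POLL PDU.
CONSTRUCTED_POLL = bytes.fromhex("00 00 00 1d 0a 00 00 1c")


def classify_sscop(payload: bytes):
    """Return a dict describing the SSCOP PDU, or None if it cannot be one."""
    # SSCOP PDUs are padded to a multiple of 4 octets and end in the trailer.
    if len(payload) < 4 or len(payload) % 4:
        return None
    trailer = payload[-4:]
    pdu_type = SSCOP_TYPES.get(trailer[0] & 0x0F)  # low nibble = PDU type
    if pdu_type is None:
        return None
    result = {"type": pdu_type, "upper": b""}
    if pdu_type in CARRIES_UPPER_LAYER:
        pad = trailer[0] >> 6  # top two bits = number of pad octets (0..3)
        if pad > len(payload) - 4:
            return None
        # Only this slice is a message for the upper layer (NBAP in this thread).
        result["upper"] = payload[: len(payload) - 4 - pad]
    if pdu_type == "SD":
        result["n_s"] = int.from_bytes(trailer[1:], "big")  # sequence number
    return result


if __name__ == "__main__":
    for name, data in [("frame 166785", FRAME_166785),
                       ("constructed POLL", CONSTRUCTED_POLL),
                       ("frame 143", FRAME_143)]:
        print(name, classify_sscop(data))
```

Only the `upper` slice of a data PDU is a message for the layer above; a control PDU such as POLL has none, and the 26-octet FP payload of frame 143 is rejected by the length check.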



