Wireshark · Wireshark-users: Re: [Wireshark-users] IUA decode

Wireshark-users: Re: [Wireshark-users] IUA decode

From: "Alan Jay Weiner" <a.weiner@xxxxxxxxxx>

Date: Tue, 11 Mar 2008 20:24:59 -0400

Hi Ravi,
I see several things about this packet:

1) it's using Adler-32 checksum instead of CRC32c  (see RFC 3309)

2) the upper-layer protocol (payload protocol identifier) is not specified
(it is 0; for IUA it should be 0x01).  I'm not sure why the rest of the
packet is decoded; it seems to me it should be treated as opaque data and
not decoded.

Assuming that decoding it is correct, then the IUA decodes as a Release
Indication (message class 0x05, message type 0x0a; see RFC 4233 section
3.1.2), and includes an Integer Interface ID as a parameter.  But the IID
parameter length is given as 45 - it should be 8 for an integer-based
Interface ID.  The parameter tag of 0x01 indicates the Integer Interface
Identifier.  Perhaps it should be 0x03 for a text-based Interface
Identifier?  (see RFC 4233 section 3.2; figures 3 and 4)

Hope this helps!

- Al Weiner -

 
----------------------------------------------------------------------------
Alan Jay Weiner / Valid8.com, Inc. - Conform, Perform & Excel(tm)
500 W Cummings Park, Suite #2700, Woburn, MA 01801, USA
a.weiner@xxxxxxxxxx / Tel:+1-781-938-1221 x112, Fax +1-781-207-0550
http://www.VALID8.com 
 
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Ravi Rajaratnam
Sent: Tuesday, March 11, 2008 3:48 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] IUA decode

Thanks Anders.


Pls find attached a copy of file containing IUA messages. You will see
v5UA messages as well. v5UA decodes are fine. 

regards
Ravi 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders
Broman
Sent: Tuesday, 11 March 2008 7:50 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] IUA decode

Hi,
The latest version is 0.99.8. If you can post the trace file instead we
could take a look at it to try to determine what's
wrong.
Regards
Anders 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Ravi
Rajaratnam
Sent: den 11 mars 2008 00:31
To: Community support list for Wireshark
Subject: [Wireshark-users] IUA decode

Sigtran experts!

I have captured IUA  messages using wireshark and tried to  extract Q931
messages and I see malformed packet.(pls refer to the attached screen
shot)

Can anyone pls help me to decode this message. Do I need to download the
latest version wireshark application to decode. If so pls let me know
the latest application.

regards

Ravi 

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

Follow-Ups:
- Re: [Wireshark-users] IUA decode
  - From: Ravi Rajaratnam

References:
- Re: [Wireshark-users] Router broken or is my Linux crazy? *Smallest* log included
  - From: Monkey D. Luffy
- Re: [Wireshark-users] Router broken or is my Linux crazy? *Smallest* log included
  - From: Monkey D. Luffy
- Re: [Wireshark-users] Router broken or is my Linux crazy? *Smallest* log included
  - From: Monkey D. Luffy
- Re: [Wireshark-users] Router broken or is my Linux crazy? *Smallest* log included
  - From: Stephen Fisher
- [Wireshark-users] IUA decode
  - From: Ravi Rajaratnam
- Re: [Wireshark-users] IUA decode
  - From: Anders Broman
- Re: [Wireshark-users] IUA decode
  - From: Ravi Rajaratnam

Prev by Date: Re: [Wireshark-users] frame loss
Next by Date: [Wireshark-users] I have a question
Previous by thread: Re: [Wireshark-users] IUA decode
Next by thread: Re: [Wireshark-users] IUA decode
Index(es):
- Date
- Thread