Hi Ravi,
Wireshark is not able to dissect the packet correclty, because
the packet is not formatted correctly. Section 3.2 of RFC 4233
states that the length of the integer interface parameter is 8,
not 45 as in the trace.
So fix the implementation sending this packet.
Best regards
Michael
On Mar 13, 2008, at 10:14 PM, Ravi Rajaratnam wrote:
Thanks Weiner.
I think I did put my question correctly.?
What I am after is how to decode the q931 under IUA messages using
the
wireshark. I can decode v5.2 messages under V5UA without any issues.
For
some reason I am unable to decode Q931 under IUA. Both IUA & V5UA are
piggybacked on SCTP. Pls refer to my previous mail attachment for
sample
trace.
regards
Ravi
<<mailto:ravi.rajaratnam@xxxxxxxxxxxx>>
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Alan Jay
Weiner
Sent: Wednesday, 12 March 2008 11:25 AM
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] IUA decode
Hi Ravi,
I see several things about this packet:
1) it's using Adler-32 checksum instead of CRC32c (see RFC 3309)
2) the upper-layer protocol (payload protocol identifier) is not
specified
(it is 0; for IUA it should be 0x01). I'm not sure why the rest of
the
packet is decoded; it seems to me it should be treated as opaque data
and
not decoded.
Assuming that decoding it is correct, then the IUA decodes as a
Release
Indication (message class 0x05, message type 0x0a; see RFC 4233
section
3.1.2), and includes an Integer Interface ID as a parameter. But the
IID
parameter length is given as 45 - it should be 8 for an integer-based
Interface ID. The parameter tag of 0x01 indicates the Integer
Interface
Identifier. Perhaps it should be 0x03 for a text-based Interface
Identifier? (see RFC 4233 section 3.2; figures 3 and 4)
Hope this helps!
- Al Weiner -
------------------------------------------------------------------------
----
Alan Jay Weiner / Valid8.com, Inc. - Conform, Perform & Excel(tm)
500 W Cummings Park, Suite #2700, Woburn, MA 01801, USA
a.weiner@xxxxxxxxxx / Tel:+1-781-938-1221 x112, Fax +1-781-207-0550
http://www.VALID8.com
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Ravi
Rajaratnam
Sent: Tuesday, March 11, 2008 3:48 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] IUA decode
Thanks Anders.
Pls find attached a copy of file containing IUA messages. You will see
v5UA messages as well. v5UA decodes are fine.
regards
Ravi
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders
Broman
Sent: Tuesday, 11 March 2008 7:50 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] IUA decode
Hi,
The latest version is 0.99.8. If you can post the trace file instead
we
could take a look at it to try to determine what's
wrong.
Regards
Anders
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Ravi
Rajaratnam
Sent: den 11 mars 2008 00:31
To: Community support list for Wireshark
Subject: [Wireshark-users] IUA decode
Sigtran experts!
I have captured IUA messages using wireshark and tried to extract
Q931
messages and I see malformed packet.(pls refer to the attached screen
shot)
Can anyone pls help me to decode this message. Do I need to download
the
latest version wireshark application to decode. If so pls let me know
the latest application.
regards
Ravi
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
