Wireshark-users: Re: [Wireshark-users] Wish to Decode MTP2 message encapsulated inside UDP header
From: "Satish Chandra" <satishchandra.lko@xxxxxxxxx>
Date: Sat, 27 Dec 2008 02:48:38 +0530
Hi all,

I did it. I am able to decode the message now.

The line "dissector_add("udp.port", 2906, mtp2_handle);" is the key.

Thanks to all for the help.

Thanks Regards,
Satish Chandra

On Sat, Dec 27, 2008 at 2:32 AM, Satish Chandra <satishchandra.lko@xxxxxxxxx> wrote:
Well, that is not my purpose. I wish to find out a way in which I can decode an MTP2 message encapsulated inside a UDP header.


On Sat, Dec 27, 2008 at 2:25 AM, Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx> wrote:
Hi,

if you have a hexdump you can use text2pcap and convert it
to a pcap file which is readable by Wireshark. It will show
the MTP2 packets...

Best regards
Michael

On Dec 26, 2008, at 9:15 PM, Satish Chandra wrote:

> Hi,
>
> I have got an MTP2 hex dump. I have written a trivial client/server
> program and am running both on my system. I am passing this MTP2 hex
> dump on the UDP socket using the client program. I use Wireshark to
> capture the packet on my Ethernet card. So, in this way, the complete
> MTP2 message gets encapsulated inside a UDP packet. Wireshark is
> able to capture the UDP packet but is not able to decode it. It shows
> the complete MTP2 packet as Data. I tried the same for SCTP packets
> and it was successfully decoded.
>
> I also tried adding the following code to the packet-mtp2.c file:
> dissector_add("udp.port", 2906, mtp2_handle);  /* 2906 is an arbitrary port */
>
> I compiled again, but still no success.
>
> Although dissectors of both the protocols are present, I think I
> just need to somehow invoke the MTP2 dissector after the UDP dissector.
>
> Can anyone help me, please?
>
> Thanks Regards,
> Satish Chandra
>
> On Fri, Dec 26, 2008 at 9:24 PM, Abhik Sarkar
> <sarkar.abhik@xxxxxxxxx> wrote:
> Hi Satish,
>
> Is the entire MTP2 packet encapsulated in a UDP datagram as it is?
> What is the source of this UDP data stream? Just in case you are using
> the Cisco paklog functionality, you need to Decode As syslog and try.
>
> HTH
> Abhik.
>
> On Fri, Dec 26, 2008 at 7:34 PM, Satish Chandra
> <satishchandra.lko@xxxxxxxxx> wrote:
> > Hi,
> >
> > I wish to decode an MTP2 message which is encapsulated with a UDP header, but
> > Wireshark shows the complete message as Data and doesn't decode it.
> >
> > I tried to use the "Decode As" option but was surprised to see that MTP2 was
> > missing from the list for UDP messages.
> >
> > Can anyone help me with this? If it is not possible via configuration, can I
> > modify the dissector code of UDP or MTP2 so that MTP2 packets inside a UDP
> > header are dissected? Where can I find the source code of the UDP and MTP2
> > protocol dissectors for Wireshark?
> >
> > --
> > Thanks Regards,
> > Satish Chandra
> >
> >
> ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx
> >
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> >
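An added example, not part of the original thread and not Wireshark code: it builds a capture file offline in which each line of an MTP2 hex dump becomes one UDP datagram to port 2906, the port from the thread, so the `dissector_add("udp.port", 2906, mtp2_handle)` registration can be checked without a client/server pair. The loopback addresses, source port, sample bytes and output file name are assumptions made for the example.

```python
import struct

MTP2_UDP_PORT = 2906  # the arbitrary port used in the thread

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_frame(payload: bytes, dport: int = MTP2_UDP_PORT, sport: int = 40000) -> bytes:
    """Wrap payload in Ethernet/IPv4/UDP using constructed loopback addresses."""
    src = dst = bytes([127, 0, 0, 1])
    udp_len = 8 + len(payload)
    pseudo = src + dst + struct.pack("!BBH", 0, 17, udp_len)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    udp_sum = checksum(pseudo + udp) or 0xFFFF  # 0 would mean "no checksum"
    udp = udp[:6] + struct.pack("!H", udp_sum) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)  # zeroed MACs, EtherType IPv4
    return eth + ip + udp

def pcap_bytes(frames) -> bytes:
    """Classic pcap: global header (link type 1 = Ethernet), then one record per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        # Record header: ts_sec, ts_usec, captured length, original length.
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def hexdump_to_pcap(hexdump: str) -> bytes:
    """Treat each non-empty line of hex as one MTP2 signal unit in its own datagram."""
    units = [bytes.fromhex(line) for line in hexdump.splitlines() if line.strip()]
    return pcap_bytes(udp_frame(u) for u in units)

# Constructed sample, not from the thread: two 3-byte units with length indicator 0.
SAMPLE = "81 82 00\n82 82 00"

if __name__ == "__main__":
    with open("mtp2_over_udp.pcap", "wb") as fh:  # hypothetical output file name
        fh.write(hexdump_to_pcap(SAMPLE))
```

Opening the resulting file in a Wireshark build that lacks the UDP registration shows the payload as Data, as described in the thread.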