Wireshark-users: Re: [Wireshark-users] [Bug 3360]Wiresharkgivesdecodingerrorduring rnsap messaged
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "Anders Broman" <anders.broman@xxxxxxxxxxxx>
Date: Mon, 6 Apr 2009 17:23:43 +0200
Hi,
>So I think there is no problem in SCCP level reassembly.
Yes probably, packet 9 seems to contain 2 SCCP messages that may be the
cause...
I'm not sure how to fix this one though.
Regards
Anders

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Tapas
Chatterjee
Sent: den 6 april 2009 14:55
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] [Bug
3360]Wiresharkgivesdecodingerrorduring rnsap messagedissection

Hi,
I have checked with SVN 27931 also now the decoding is start right way
But after reaching the point "rNC-Id 108" it is stop dissecting and show
the message "packet size limited during capture"(may be due to
reassemble off). I am sending as attachment with the current decoding
screen shot. But my query is hex dump used for decoding the message in
our internal tool after getting the message in SCCP reassembly. So I
think there is no problem in SCCP level reassembly.

With regards,
Tapas


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders
Broman
Sent: Friday, April 03, 2009 7:21 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] [Bug 3360]
Wiresharkgivesdecodingerrorduring rnsap messagedissection

Hi,
Please check with SVN 27931 where the SEQUENCE OF extensions should be
OK, turn off SCCP reassembly (Edit-preferences-sccp) And follow the
decoding until it goes wrong, then we can disscuss the differences...
Regards
Anders

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Tapas
Chatterjee
Sent: den 3 april 2009 13:59
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] [Bug 3360]
Wiresharkgivesdecodingerrorduring rnsap messagedissection

Hi,
If encoding is wrong then our internal tool can't decodes it properly
also you have decoded the same message in some way which is also similar
with our decoding. So I think there is no problem in encoding procedure.
Also when I have tried to move one byte offset by forcefully before
start decoding "neighbouring-FDD-CellInfo" its doing fine but in the
case of array of extension field it gives some wrong result I know it is
not feasible way may be here need some modification in packet-per.c file
and asn2wrs.py files. I have also tried the SVN 27853 correction patch
but it is not working Gives some error like "UNKNOWN PER: 10.9.3.8.1"
Another one you have mentioned
c-ID: 331
00f0   01 4b
But I haven't got that point where you are getting such value in the
capture?
Are you assuming this value according to the IEs definition?
Please help to resolve this issue.
With regards,
Tapas

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders
Broman
Sent: Thursday, April 02, 2009 8:52 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] [Bug 3360] Wireshark
givesdecodingerrorduring rnsap messagedissection

Hi,
I think your encoding may be wrong:

normally (INTEGER) = 9812  //raj 38

>From 3GPP TS 25.423: RNSAP shall use the ASN.1 Basic Packed Encoding
Rules (BASIC-PER) Aligned Variant
:
c-ID: 331
00f0   01 4b
Next bit is the extension bit ( bit 8 of 00f2) 0... .... Extension
Present Bit: False Next "uARFCNforNu: 9812(actually 38)" should be
encoded and I think that should be placed byte aligned 16bits(/*
10.5.7.3 */ ) Not 8.

Regards
Anders

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders
Broman
Sent: den 26 mars 2009 10:07
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] [Bug 3360] Wireshark gives
decodingerrorduring rnsap messagedissection

Hi,
Does this decoding look right to you?
Fore some reeason dissecting the actual trace with my fix does not
work(reassembly???) but I extracted the rnsap data And used text2pcap to
crate a new packet. (
Edit->preferenses_>protocols->DLT_USER 150 -> rnsap).
Regards
Anders


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Tapas
Chatterjee
Sent: den 26 mars 2009 05:41
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] [Bug 3360] Wireshark gives decoding
errorduring rnsap messagedissection

Hi,
I am decoding the message some of our internal tools (based on ASN)
which gives the correct decoding result. So I think there is no error in
the message.
Regards
Tapas
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders
Broman
Sent: Wednesday, March 25, 2009 10:38 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] [Bug 3360] Wireshark gives decoding
errorduring rnsap messagedissection

Hi,
Do you have a "Correct" decoding by some other tool?
I think the problem may be due to:
Neighbouring-FDD-CellInformation ::= SEQUENCE ( SIZE
(1..maxNrOfFDDNeighboursPerRNC,...)) OF
Neighbouring-FDD-CellInformationItem
E.g the SEQUENCE OF constraint has extension which is not catered for in
Wireshark but when I try to fix it I get strange results :-( Regards
Anders

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Tapas
Chatterjee
Sent: den 25 mars 2009 13:11
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] [Bug 3360] Wireshark gives decoding error
during rnsap messagedissection



Hi,
It is going right up to rNC ID: 109 after its start dissection
"neighbouring-FDD-CellInformation"
Where C-ID the value decode now "8448" Hex "20 01" instead "331" Hex "01
4b"
So offset movement start's going wrong here.
Hope this info may help you.
Any clarity further let me know.

With regards
Tapas

-----Original Message-----
From: bugzilla-daemon@xxxxxxxxxxxxx
[mailto:bugzilla-daemon@xxxxxxxxxxxxx]
Sent: Wednesday, March 25, 2009 5:13 PM
To: Tapas Chatterjee
Subject: [Bug 3360] Wireshark gives decoding error during rnsap
messagedissection

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3360


Anders Broman <anders.broman@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
------------------------------------------------------------------------
----
                 CC|
|anders.broman@xxxxxxxxxxxx




--- Comment #1 from Anders Broman <anders.broman@xxxxxxxxxxxx>
2009-03-25 04:43:07 PDT --- Hi, Looking at packet 9

txDiversityIndicator: true (0)
0e0  2a 0a 00
           --
The next is the
iE-Extensions ProtocolExtensionContainer { {
Neighbouring-FDD-CellInformationItem-ExtIEs} } OPTIONAL,
                              .Sequence-Of Length: 46338 00e0  2a 0a 00
b5 01
               -----
So here's where it start's to go wrong is the decoding up to here
looking ok? or is WS missing some mandatorry element?
Should it have been on octet further eg '01' insted can you pinpoint
more exactly waht's wrong up to here?
Regards
Anders


--
Configure bugmail:
https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: ------- You reported the
bug.

"DISCLAIMER: This message is proprietary to Aricent and is intended
solely for the use of the individual to whom it is addressed. It may
contain privileged or confidential information and should not be
circulated or used for any purpose other than for what it is intended.
If you have received this message in error,please notify the originator
immediately. If you are not the intended recipient, you are notified
that you are strictly prohibited from using, copying, altering, or
disclosing the contents of this message. Aricent accepts no
responsibility for loss or damage arising from the use of the
information transmitted by this email including damage from virus."
________________________________________________________________________
___
Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
________________________________________________________________________
___
Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

"DISCLAIMER: This message is proprietary to Aricent and is intended
solely for the use of the individual to whom it is addressed. It may
contain privileged or confidential information and should not be
circulated or used for any purpose other than for what it is intended.
If you have received this message in error,please notify the originator
immediately. If you are not the intended recipient, you are notified
that you are strictly prohibited from using, copying, altering, or
disclosing the contents of this message. Aricent accepts no
responsibility for loss or damage arising from the use of the
information transmitted by this email including damage from virus."
________________________________________________________________________
___
Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
________________________________________________________________________
___
Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

"DISCLAIMER: This message is proprietary to Aricent and is intended
solely for the use of the individual to whom it is addressed. It may
contain privileged or confidential information and should not be
circulated or used for any purpose other than for what it is intended.
If you have received this message in error,please notify the originator
immediately. If you are not the intended recipient, you are notified
that you are strictly prohibited from using, copying, altering, or
disclosing the contents of this message. Aricent accepts no
responsibility for loss or damage arising from the use of the
information transmitted by this email including damage from virus."
________________________________________________________________________
___
Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
________________________________________________________________________
___
Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
 
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

"DISCLAIMER: This message is proprietary to Aricent and is intended
solely for the use of the individual to whom it is addressed. It may
contain privileged or confidential information and should not be
circulated or used for any purpose other than for what it is intended.
If you have received this message in error,please notify the originator
immediately. If you are not the intended recipient, you are notified
that you are strictly prohibited from using, copying, altering, or
disclosing the contents of this message. Aricent accepts no
responsibility for loss or damage arising from the use of the
information transmitted by this email including damage from virus."