Wireshark-users: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
From: Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Sat, 20 Jun 2009 22:16:37 +0200
Hi Ravi,

try using the 1.2.0 version. Here is the output I get when using
tshark (wireshark is similar):

[mba:~/Documents/wireshark/trunk] tuexen% ./tshark -V -r ~/Desktop/ sample_m3uav2.pkt
Frame 1 (126 bytes on wire, 126 bytes captured)
    Arrival Time: Jan  1, 2000 02:32:46.917047000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 126 bytes
    Capture Length: 126 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:sctp:m3ua:sccp:ranap]
Ethernet II, Src: Cisco_3d:d4:c6 (00:22:0c:3d:d4:c6), Dst: Cisco_e5:03:c7 (00:21:d7:e5:03:c7)
    Destination: Cisco_e5:03:c7 (00:21:d7:e5:03:c7)
        Address: Cisco_e5:03:c7 (00:21:d7:e5:03:c7)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Cisco_3d:d4:c6 (00:22:0c:3d:d4:c6)
        Address: Cisco_3d:d4:c6 (00:22:0c:3d:d4:c6)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.25.141.135 (172.25.141.135), Dst: 172.25.141.119 (172.25.141.119)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x02 (DSCP 0x00: Default; ECN: 0x02)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..1. = ECN-Capable Transport (ECT): 1
        .... ...0 = ECN-CE: 0
    Total Length: 112
    Identification: 0x13d9 (5081)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 63
    Protocol: SCTP (0x84)
    Header checksum: 0xb3fd [validation disabled]
        [Good: False]
        [Bad : False]
    Source: 172.25.141.135 (172.25.141.135)
    Destination: 172.25.141.119 (172.25.141.119)
Stream Control Transmission Protocol, Src Port: m3ua (2905), Dst Port: 52517 (52517)
    Source port: 2905
    Destination port: 52517
    Verification tag: 0x946ae867
    Checksum: 0x4efba9d3 (not verified)
SACK chunk (Cumulative TSN: 319975428, a_rwnd: 192000, gaps: 0, duplicate TSNs: 0)
        Chunk type: SACK (3)
            0... .... = Bit: Stop processing of the packet
            .0.. .... = Bit: Do not report
        Chunk flags: 0x01
            .... ...1 = Nounce sum: 1
        Chunk length: 16
        Cumulative TSN ACK: 319975428
        Advertised receiver window credit (a_rwnd): 192000
        Number of gap acknowledgement blocks: 0
        Number of duplicated TSNs: 0
DATA chunk(ordered, complete segment, TSN: 1315479841, SID: 12, SSN: 28603, PPID: 3, payload length: 48 bytes)
        Chunk type: DATA (0)
            0... .... = Bit: Stop processing of the packet
            .0.. .... = Bit: Do not report
        Chunk flags: 0x03
            .... ...1 = E-Bit: Last segment
            .... ..1. = B-Bit: First segment
            .... .0.. = U-Bit: Ordered delivery
            .... 0... = I-Bit: Possibly delay SACK
        Chunk length: 64
        TSN: 1315479841
        Stream Identifier: 0x000c
        Stream sequence number: 28603
        Payload protocol identifier: M3UA (3)
MTP 3 User Adaptation Layer
    Version: Release 1 (1)
    Reserved: 0x00
    Message class: Transfer messages (1)
    Message type: Payload data (DATA) (1)
    Message length: 48
    Network appearance (8)
        Parameter Tag: Network appearance (512)
        Parameter length: 8
        Network appearance: 8
    Protocol data (SS7 message of 14 bytes)
        Parameter Tag: Protocol data (528)
        Parameter length: 30
        OPC: 2547
        DPC: 2996
        SI: SCCP (3)
        NI: 2
        MP: 0
        SLS: 12
        MTP3 equivalents
            OPC: 2547
            DPC: 2996
            PC: 2547
            PC: 2996
            NI: 2
        Padding: 0000
Signalling Connection Control Part
    Message Type: Data Form 1 (0x06)
    Destination Local Reference: 0x4f8810
    .... ...0 = More data: No more data (0x00)
    Pointer to first Mandatory Variable parameter: 1
Radio Access Network Application Part
    RANAP-PDU: successfulOutcome (1)
        successfulOutcome
            procedureCode: id-Iu-Release (1)
            criticality: reject (0)
            value
                Iu-ReleaseComplete
                    protocolIEs: 0 items

Is this what you want?

Best regards
Michael

On Jun 19, 2009, at 11:10 AM, Ravi Rajaratnam wrote:

Hi Michael,

I use Version 1.0.5 (SVN Rev 26954).Were you able to see the RANAP messges?
regards
Ravi

________________________________

From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of Michael Tüxen
Sent: Fri 19/06/2009 08:36
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins



Hi Ravi,

your capture files is handled correctly (at least I think) by
the current version of Wireshark.

Which version of Wireshark are you using?

Best regards
Michael

On Jun 15, 2009, at 4:02 PM, Ravi Rajaratnam wrote:



Michael,
Thanks for your reply. What I see here is mulformed packet after the
M3UA-v2 header.. I had similar issue with IUA for Q931 and was
resolved by our vender as they use propritory version. So they sent
me a copy of plugins.

Pls find attached a copy of the sample trace.

Best regards

Ravi

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx
] On Behalf Of Michael Tüxen
Sent: Tuesday, 16 June 2009 8:30 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins

Hi ravi,

M3UA is supported by Wireshark (for a long time) without the
need of a plugin.

Best regards
Michael

On Jun 14, 2009, at 6:54 PM, Ravi Rajaratnam wrote:

Hi,
Can anyone got the DLL plug-in to dissect M3UA version 2.?


Ravi

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx

Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
          mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx

Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
           mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
<
sample_m3uav2
.pkt

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx

Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
           mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx >
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


< winmail .dat > ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx >
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe