Wireshark-users: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
From: Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Sat, 20 Jun 2009 22:16:37 +0200
Hi Ravi, try using the 1.2.0 version. Here is the output I get when using tshark (wireshark is similar):[mba:~/Documents/wireshark/trunk] tuexen% ./tshark -V -r ~/Desktop/ sample_m3uav2.pkt
Frame 1 (126 bytes on wire, 126 bytes captured) Arrival Time: Jan 1, 2000 02:32:46.917047000 [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 126 bytes Capture Length: 126 bytes [Frame is marked: False] [Protocols in frame: eth:ip:sctp:m3ua:sccp:ranap]Ethernet II, Src: Cisco_3d:d4:c6 (00:22:0c:3d:d4:c6), Dst: Cisco_e5:03:c7 (00:21:d7:e5:03:c7)
Destination: Cisco_e5:03:c7 (00:21:d7:e5:03:c7) Address: Cisco_e5:03:c7 (00:21:d7:e5:03:c7).... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_3d:d4:c6 (00:22:0c:3d:d4:c6) Address: Cisco_3d:d4:c6 (00:22:0c:3d:d4:c6).... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)Internet Protocol, Src: 172.25.141.135 (172.25.141.135), Dst: 172.25.141.119 (172.25.141.119)
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x02 (DSCP 0x00: Default; ECN: 0x02) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..1. = ECN-Capable Transport (ECT): 1 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x13d9 (5081) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 63 Protocol: SCTP (0x84) Header checksum: 0xb3fd [validation disabled] [Good: False] [Bad : False] Source: 172.25.141.135 (172.25.141.135) Destination: 172.25.141.119 (172.25.141.119)Stream Control Transmission Protocol, Src Port: m3ua (2905), Dst Port: 52517 (52517)
Source port: 2905 Destination port: 52517 Verification tag: 0x946ae867 Checksum: 0x4efba9d3 (not verified)SACK chunk (Cumulative TSN: 319975428, a_rwnd: 192000, gaps: 0, duplicate TSNs: 0)
Chunk type: SACK (3) 0... .... = Bit: Stop processing of the packet .0.. .... = Bit: Do not report Chunk flags: 0x01 .... ...1 = Nounce sum: 1 Chunk length: 16 Cumulative TSN ACK: 319975428 Advertised receiver window credit (a_rwnd): 192000 Number of gap acknowledgement blocks: 0 Number of duplicated TSNs: 0DATA chunk(ordered, complete segment, TSN: 1315479841, SID: 12, SSN: 28603, PPID: 3, payload length: 48 bytes)
Chunk type: DATA (0) 0... .... = Bit: Stop processing of the packet .0.. .... = Bit: Do not report Chunk flags: 0x03 .... ...1 = E-Bit: Last segment .... ..1. = B-Bit: First segment .... .0.. = U-Bit: Ordered delivery .... 0... = I-Bit: Possibly delay SACK Chunk length: 64 TSN: 1315479841 Stream Identifier: 0x000c Stream sequence number: 28603 Payload protocol identifier: M3UA (3) MTP 3 User Adaptation Layer Version: Release 1 (1) Reserved: 0x00 Message class: Transfer messages (1) Message type: Payload data (DATA) (1) Message length: 48 Network appearance (8) Parameter Tag: Network appearance (512) Parameter length: 8 Network appearance: 8 Protocol data (SS7 message of 14 bytes) Parameter Tag: Protocol data (528) Parameter length: 30 OPC: 2547 DPC: 2996 SI: SCCP (3) NI: 2 MP: 0 SLS: 12 MTP3 equivalents OPC: 2547 DPC: 2996 PC: 2547 PC: 2996 NI: 2 Padding: 0000 Signalling Connection Control Part Message Type: Data Form 1 (0x06) Destination Local Reference: 0x4f8810 .... ...0 = More data: No more data (0x00) Pointer to first Mandatory Variable parameter: 1 Radio Access Network Application Part RANAP-PDU: successfulOutcome (1) successfulOutcome procedureCode: id-Iu-Release (1) criticality: reject (0) value Iu-ReleaseComplete protocolIEs: 0 items Is this what you want? Best regards Michael On Jun 19, 2009, at 11:10 AM, Ravi Rajaratnam wrote:
Hi Michael,I use Version 1.0.5 (SVN Rev 26954).Were you able to see the RANAP messges?regards Ravi ________________________________ From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of Michael Tüxen Sent: Fri 19/06/2009 08:36 To: Community support list for Wireshark Subject: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins Hi Ravi, your capture files is handled correctly (at least I think) by the current version of Wireshark. Which version of Wireshark are you using? Best regards Michael On Jun 15, 2009, at 4:02 PM, Ravi Rajaratnam wrote:Michael, Thanks for your reply. What I see here is mulformed packet after the M3UA-v2 header.. I had similar issue with IUA for Q931 and was resolved by our vender as they use propritory version. So they sent me a copy of plugins. Pls find attached a copy of the sample trace. Best regards Ravi -----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx ] On Behalf Of Michael Tüxen Sent: Tuesday, 16 June 2009 8:30 AM To: Community support list for Wireshark Subject: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins Hi ravi, M3UA is supported by Wireshark (for a long time) without the need of a plugin. Best regards Michael On Jun 14, 2009, at 6:54 PM, Ravi Rajaratnam wrote:Hi, Can anyone got the DLL plug-in to dissect M3UA version 2.? Ravi ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxxArchives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxxArchives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe < sample_m3uav2 .pkt___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxxArchives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe___________________________________________________________________________Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx >Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe< winmail .dat > ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx >Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- Follow-Ups:
- Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
- From: Ravi Rajaratnam
- Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
- References:
- [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
- From: Ravi Rajaratnam
- Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
- From: Michael Tüxen
- Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
- From: Ravi Rajaratnam
- Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
- From: Michael Tüxen
- Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
- From: Ravi Rajaratnam
- [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
- Prev by Date: Re: [Wireshark-users] RTP Player(Wireshark) installation
- Next by Date: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
- Previous by thread: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
- Next by thread: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
- Index(es):