Wireshark · Wireshark-users: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins

Wireshark-users: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins

From: "Ravi Rajaratnam" <Ravi.Rajaratnam@xxxxxxxxxxxx>

Date: Sun, 21 Jun 2009 07:06:03 +1000

Michael,
 
Thanks for your help. I disabled m3ua-version2 under parametres/protocol and it works with version 1.5.
Once again thank you so much.
 
Best regards
Ravi

________________________________

From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of Michael Tüxen
Sent: Sun 21/06/2009 06:16
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins



Hi Ravi,

try using the 1.2.0 version. Here is the output I get when using
tshark (wireshark is similar):

[mba:~/Documents/wireshark/trunk] tuexen% ./tshark -V -r ~/Desktop/
sample_m3uav2.pkt
Frame 1 (126 bytes on wire, 126 bytes captured)
     Arrival Time: Jan  1, 2000 02:32:46.917047000
     [Time delta from previous captured frame: 0.000000000 seconds]
     [Time delta from previous displayed frame: 0.000000000 seconds]
     [Time since reference or first frame: 0.000000000 seconds]
     Frame Number: 1
     Frame Length: 126 bytes
     Capture Length: 126 bytes
     [Frame is marked: False]
     [Protocols in frame: eth:ip:sctp:m3ua:sccp:ranap]
Ethernet II, Src: Cisco_3d:d4:c6 (00:22:0c:3d:d4:c6), Dst: 
Cisco_e5:03:c7 (00:21:d7:e5:03:c7)
     Destination: Cisco_e5:03:c7 (00:21:d7:e5:03:c7)
         Address: Cisco_e5:03:c7 (00:21:d7:e5:03:c7)
         .... ...0 .... .... .... .... = IG bit: Individual address 
(unicast)
         .... ..0. .... .... .... .... = LG bit: Globally unique 
address (factory default)
     Source: Cisco_3d:d4:c6 (00:22:0c:3d:d4:c6)
         Address: Cisco_3d:d4:c6 (00:22:0c:3d:d4:c6)
         .... ...0 .... .... .... .... = IG bit: Individual address 
(unicast)
         .... ..0. .... .... .... .... = LG bit: Globally unique 
address (factory default)
     Type: IP (0x0800)
Internet Protocol, Src: 172.25.141.135 (172.25.141.135), Dst: 
172.25.141.119 (172.25.141.119)
     Version: 4
     Header length: 20 bytes
     Differentiated Services Field: 0x02 (DSCP 0x00: Default; ECN: 0x02)
         0000 00.. = Differentiated Services Codepoint: Default (0x00)
         .... ..1. = ECN-Capable Transport (ECT): 1
         .... ...0 = ECN-CE: 0
     Total Length: 112
     Identification: 0x13d9 (5081)
     Flags: 0x04 (Don't Fragment)
         0... = Reserved bit: Not set
         .1.. = Don't fragment: Set
         ..0. = More fragments: Not set
     Fragment offset: 0
     Time to live: 63
     Protocol: SCTP (0x84)
     Header checksum: 0xb3fd [validation disabled]
         [Good: False]
         [Bad : False]
     Source: 172.25.141.135 (172.25.141.135)
     Destination: 172.25.141.119 (172.25.141.119)
Stream Control Transmission Protocol, Src Port: m3ua (2905), Dst Port: 
52517 (52517)
     Source port: 2905
     Destination port: 52517
     Verification tag: 0x946ae867
     Checksum: 0x4efba9d3 (not verified)
     SACK chunk (Cumulative TSN: 319975428, a_rwnd: 192000, gaps: 0, 
duplicate TSNs: 0)
         Chunk type: SACK (3)
             0... .... = Bit: Stop processing of the packet
             .0.. .... = Bit: Do not report
         Chunk flags: 0x01
             .... ...1 = Nounce sum: 1
         Chunk length: 16
         Cumulative TSN ACK: 319975428
         Advertised receiver window credit (a_rwnd): 192000
         Number of gap acknowledgement blocks: 0
         Number of duplicated TSNs: 0
     DATA chunk(ordered, complete segment, TSN: 1315479841, SID: 12, 
SSN: 28603, PPID: 3, payload length: 48 bytes)
         Chunk type: DATA (0)
             0... .... = Bit: Stop processing of the packet
             .0.. .... = Bit: Do not report
         Chunk flags: 0x03
             .... ...1 = E-Bit: Last segment
             .... ..1. = B-Bit: First segment
             .... .0.. = U-Bit: Ordered delivery
             .... 0... = I-Bit: Possibly delay SACK
         Chunk length: 64
         TSN: 1315479841
         Stream Identifier: 0x000c
         Stream sequence number: 28603
         Payload protocol identifier: M3UA (3)
MTP 3 User Adaptation Layer
     Version: Release 1 (1)
     Reserved: 0x00
     Message class: Transfer messages (1)
     Message type: Payload data (DATA) (1)
     Message length: 48
     Network appearance (8)
         Parameter Tag: Network appearance (512)
         Parameter length: 8
         Network appearance: 8
     Protocol data (SS7 message of 14 bytes)
         Parameter Tag: Protocol data (528)
         Parameter length: 30
         OPC: 2547
         DPC: 2996
         SI: SCCP (3)
         NI: 2
         MP: 0
         SLS: 12
         MTP3 equivalents
             OPC: 2547
             DPC: 2996
             PC: 2547
             PC: 2996
             NI: 2
         Padding: 0000
Signalling Connection Control Part
     Message Type: Data Form 1 (0x06)
     Destination Local Reference: 0x4f8810
     .... ...0 = More data: No more data (0x00)
     Pointer to first Mandatory Variable parameter: 1
Radio Access Network Application Part
     RANAP-PDU: successfulOutcome (1)
         successfulOutcome
             procedureCode: id-Iu-Release (1)
             criticality: reject (0)
             value
                 Iu-ReleaseComplete
                     protocolIEs: 0 items

Is this what you want?

Best regards
Michael

On Jun 19, 2009, at 11:10 AM, Ravi Rajaratnam wrote:

> Hi Michael,
>
> I use Version 1.0.5 (SVN Rev 26954).Were you able to see the RANAP 
> messges?
> regards
> Ravi
>
> ________________________________
>
> From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of Michael Tüxen
> Sent: Fri 19/06/2009 08:36
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
>
>
>
> Hi Ravi,
>
> your capture files is handled correctly (at least I think) by
> the current version of Wireshark.
>
> Which version of Wireshark are you using?
>
> Best regards
> Michael
>
> On Jun 15, 2009, at 4:02 PM, Ravi Rajaratnam wrote:
>
>>
>>
>> Michael,
>> Thanks for your reply. What I see here is mulformed packet after the
>> M3UA-v2 header.. I had similar issue with IUA for Q931 and was
>> resolved by our vender as they use propritory version. So they sent
>> me a copy of plugins.
>>
>> Pls find attached a copy of the sample trace.
>>
>> Best regards
>>
>> Ravi
>>
>> -----Original Message-----
>> From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx
>> ] On Behalf Of Michael Tüxen
>> Sent: Tuesday, 16 June 2009 8:30 AM
>> To: Community support list for Wireshark
>> Subject: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
>>
>> Hi ravi,
>>
>> M3UA is supported by Wireshark (for a long time) without the
>> need of a plugin.
>>
>> Best regards
>> Michael
>>
>> On Jun 14, 2009, at 6:54 PM, Ravi Rajaratnam wrote:
>>
>>> Hi,
>>> Can anyone got the DLL plug-in to dissect M3UA version 2.?
>>>
>>>
>>> Ravi
>>>
>>> ___________________________________________________________________________
>>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx
>>>>
>>> Archives:    http://www.wireshark.org/lists/wireshark-users
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>           mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx
>>>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>> <
>> sample_m3uav2
>> .pkt
>>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx
>>>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx
> >
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
> <
> winmail
> .dat
> >
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx
> >
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

<<winmail.dat>>

Follow-Ups:
- Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
  - From: Michael Tüxen

References:
- [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
  - From: Ravi Rajaratnam
- Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
  - From: Michael Tüxen
- Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
  - From: Ravi Rajaratnam
- Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
  - From: Michael Tüxen
- Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
  - From: Ravi Rajaratnam
- Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
  - From: Michael Tüxen

Prev by Date: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
Next by Date: [Wireshark-users] Problem with Wireshark 1.2.0 - custom protocol dissectors
Previous by thread: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
Next by thread: Re: [Wireshark-users] SIGTRAN M3UA ver2 DLL plugins
Index(es):
- Date
- Thread