Wireshark · Wireshark-users: [Wireshark-users] not able to decode TCAP/GSM_MAP/GSM_SMS protocol layers

["Zak, Pavel" <Pavel.Zak@xxxxxxxxxxx>]

Hi,

 

I currently have wireshark 1.2.9 and I’m not able to decode M3UA traffic exchanged between SMSC and STP. Decoding ends up on ETH/IP/SCTP/M3UA/SCCP layer and the rest is non decoded raw data.

 

Could anyone tell me what’s wrong in the traffic? Please see HTML output bellow (left side correctly decoded, right side incorrectly).

 

Thank you,

Pavel

 

 

1	No.     Time                       Source                Destination           Protocol Info	=	1	No.     Time                       Source                Destination           Protocol Info
2	106 2009-07-21 17:44:28.055408 16262                 16317                 GSM SMS invoke mo-forwardSM	<>	2	224 2010-07-28 20:46:13.015670 168855                168706                SCCP (Int. ITU) UDT
3		=	3
4	Frame 106 (230 bytes on wire, 230 bytes captured)	<>	4	Frame 224 (202 bytes on wire, 202 bytes captured)
5	Arrival Time: Jul 21, 2009 17:44:28.055408000		5	Arrival Time: Jul 28, 2010 20:46:13.015670000
6	[Time delta from previous captured frame: 0.099000000 seconds]		6	[Time delta from previous captured frame: 0.009999000 seconds]
7	[Time delta from previous displayed frame: 0.099000000 seconds]		7	[Time delta from previous displayed frame: 0.009999000 seconds]
8	[Time since reference or first frame: 4.899035000 seconds]		8	[Time since reference or first frame: 1.969952000 seconds]
9	Frame Number: 106		9	Frame Number: 224
10	Frame Length: 230 bytes		10	Frame Length: 202 bytes
11	Capture Length: 230 bytes		11	Capture Length: 202 bytes
12	[Frame is marked: False]	=	12	[Frame is marked: False]
13	[Protocols in frame: eth:ip:sctp:m3ua:sccp:tcap:gsm_map:gsm_sms]	<>	13	[Protocols in frame: eth:ip:sctp:m3ua:sccp:data]
14	Ethernet II, Src: Pentacom_53:f8:00 (00:d0:04:53:f8:00), Dst: HewlettP_ab:00:e6(00:17:a4:ab:00:e6)		14	Ethernet II, Src: HewlettP_79:66:1b (00:1b:78:79:66:1b), Dst: IETF-VRRP-virtual-router-VRID_d0 (00:00:5e:00:01:d0)
15	Destination: HewlettP_ab:00:e6 (00:17:a4:ab:00:e6)		15	Destination: IETF-VRRP-virtual-router-VRID_d0 (00:00:5e:00:01:d0)
16	Address: HewlettP_ab:00:e6 (00:17:a4:ab:00:e6)		16	Address: IETF-VRRP-virtual-router-VRID_d0 (00:00:5e:00:01:d0)
17	.... ...0 .... .... .... .... = IG bit: Individual address (unicast)	=	17	.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
18	.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)		18	.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
19	Source: Pentacom_53:f8:00 (00:d0:04:53:f8:00)	<>	19	Source: HewlettP_79:66:1b (00:1b:78:79:66:1b)
20	Address: Pentacom_53:f8:00 (00:d0:04:53:f8:00)		20	Address: HewlettP_79:66:1b (00:1b:78:79:66:1b)
21	.... ...0 .... .... .... .... = IG bit: Individual address (unicast)	=	21	.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
22	.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)		22	.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
23	Type: IP (0x0800)		23	Type: IP (0x0800)
24	Internet Protocol, Src: 192.168.144.213 (192.168.144.213), Dst: 192.168.138.194(192.168.138.194)	<>	24	Internet Protocol, Src: 10.0.57.8 (10.0.57.8), Dst: 10.0.60.35(10.0.60.35)
25	Version: 4	=	25	Version: 4
26	Header length: 20 bytes		26	Header length: 20 bytes
27	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)		27	Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
28	0000 00.. = Differentiated Services Codepoint: Default (0x00)		28	0000 00.. = Differentiated Services Codepoint: Default (0x00)
29	.... ..0. = ECN-Capable Transport (ECT): 0		29	.... ..0. = ECN-Capable Transport (ECT): 0
30	.... ...0 = ECN-CE: 0		30	.... ...0 = ECN-CE: 0
31	Total Length: 216	<>	31	Total Length: 188
32	Identification: 0x294f (10575)		32	Identification: 0xdc78 (56440)
33	Flags: 0x00	=	33	Flags: 0x00
34	0.. = Reserved bit: Not Set		34	0.. = Reserved bit: Not Set
35	.0. = Don't fragment: Not Set		35	.0. = Don't fragment: Not Set
36	..0 = More fragments: Not Set		36	..0 = More fragments: Not Set
37	Fragment offset: 0		37	Fragment offset: 0
38	Time to live: 250	<>	38	Time to live: 64
39	Protocol: SCTP (0x84)	=	39	Protocol: SCTP (0x84)
40	Header checksum: 0xf969 [correct]	<>	40	Header checksum: 0x141b [correct]
41	[Good: True]	=	41	[Good: True]
42	[Bad : False]		42	[Bad : False]
43	Source: 192.168.144.213 (192.168.144.213)	<>	43	Source: 10.0.57.8 (10.0.57.8)
44	Destination: 192.168.138.194 (192.168.138.194)		44	Destination: 10.0.60.35 (10.0.60.35)
45	Stream Control Transmission Protocol, Src Port: 2906 (2906), Dst Port: 2906 (2906)		45	Stream Control Transmission Protocol, Src Port: m3ua (2905), Dst Port: 12138 (12138)
46	Source port: 2906		46	Source port: 2905
47	Destination port: 2906		47	Destination port: 12138
48	Verification tag: 0x08c9a1e4		48	Verification tag: 0x000027f6
49	Checksum: 0x37791c7d (not verified)		49	Checksum: 0x298cf244 (not verified)
50	DATA chunk(ordered, complete segment, TSN: 610068268, SID: 1, SSN: 1614, PPID: 3, payload length: 168 bytes)		50	DATA chunk(unordered, complete segment, TSN: 767836188, SID: 1, SSN: 0, PPID: 3, payload length: 140 bytes)
51	Chunk type: DATA (0)	=	51	Chunk type: DATA (0)
52	0... .... = Bit: Stop processing of the packet		52	0... .... = Bit: Stop processing of the packet
53	.0.. .... = Bit: Do not report		53	.0.. .... = Bit: Do not report
54	Chunk flags: 0x03	<>	54	Chunk flags: 0x07
55	.... ...1 = E-Bit: Last segment	=	55	.... ...1 = E-Bit: Last segment
56	.... ..1. = B-Bit: First segment		56	.... ..1. = B-Bit: First segment
57	.... .0.. = U-Bit: Ordered delivery	<>	57	.... .1.. = U-Bit: Unordered delivery
58	.... 0... = I-Bit: Possibly delay SACK	=	58	.... 0... = I-Bit: Possibly delay SACK
59	Chunk length: 184	<>	59	Chunk length: 156
60	TSN: 610068268		60	TSN: 767836188
61	Stream Identifier: 0x0001	=	61	Stream Identifier: 0x0001
62	Stream sequence number: 1614	<>	62	Stream sequence number: 0
63	Payload protocol identifier: M3UA (3)	=	63	Payload protocol identifier: M3UA (3)
64	MTP 3 User Adaptation Layer		64	MTP 3 User Adaptation Layer
65	Version: Release 1 (1)		65	Version: Release 1 (1)
66	Reserved: 0x00		66	Reserved: 0x00
67	Message class: Transfer messages (1)		67	Message class: Transfer messages (1)
68	Message type: Payload data (DATA) (1)		68	Message type: Payload data (DATA) (1)
69	Message length: 168	<>	69	Message length: 140
70	Routing context (1 context)	=	70	Routing context (1 context)
71	Parameter Tag: Routing context (6)		71	Parameter Tag: Routing context (6)
72	Parameter length: 8		72	Parameter length: 8
73	Routing context: 2000	<>	73	Routing context: 101000
74	Protocol data (SS7 message of 134 bytes)		74	Protocol data (SS7 message of 108 bytes)
75	Parameter Tag: Protocol data (528)	=	75	Parameter Tag: Protocol data (528)
76	Parameter length: 150	<>	76	Parameter length: 124
77	OPC: 16262		77	OPC: 168855
78	DPC: 16317		78	DPC: 168706
79	SI: SCCP (3)	=	79	SI: SCCP (3)
80	NI: 3	<>	80	NI: 2
81	MP: 0	=	81	MP: 0
82	SLS: 1	<>	82	SLS: 47
83	MTP3 equivalents	=	83	MTP3 equivalents
84	OPC: 16262	<>	84	OPC: 168855
85	DPC: 16317		85	DPC: 168706
86	PC: 16262		86	PC: 168855
87	PC: 16317		87	PC: 168706
88	NI: 3		88	NI: 2
89	Padding: 0000
90	Signalling Connection Control Part	=	89	Signalling Connection Control Part
91	Message Type: Extended Unitdata (0x11)	<>	90	Message Type: Unitdata (0x09)
92	.... 0001 = Class: 0x01		91	.... 0000 = Class: 0x00
93	1000 .... = Message handling: Return message on error (0x08)	=	92	1000 .... = Message handling: Return message on error (0x08)
94	Hop Counter: 0x0e	<>
95	Pointer to first Mandatory Variable parameter: 4		93	Pointer to first Mandatory Variable parameter: 3
96	Pointer to second Mandatory Variable parameter: 15		94	Pointer to second Mandatory Variable parameter: 12
97	Pointer to third Mandatory Variable parameter: 26		95	Pointer to third Mandatory Variable parameter: 21
98	Pointer to Optional parameter: 124
99	Called Party address (11 bytes)		96	Called Party address (9 bytes)
100	Address Indicator	=	97	Address Indicator
101	.1.. .... = Routing Indicator: Route on SSN (0x01)	<>	98	.0.. .... = Routing Indicator: Route on GT (0x00)
102	..01 00.. = Global Title Indicator: Translation Type, Numbering Plan, EncodingScheme, and Nature of Address Indicator included (0x04)		99	..00 10.. = Global Title Indicator: Translation Type only(0x02)
103	.... ..1. = SubSystem Number Indicator: SSN present (0x01)		100	.... ..0. = SubSystem Number Indicator: SSN not present (0x00)
104	.... ...0 = Point Code Indicator: Point Code not present (0x00)		101	.... ...1 = Point Code Indicator: Point Code present (0x01)
105	SubSystem Number: MSC (Mobile Switching Center) (8)		102	..00 1010 0000 0110 = PC: 2566
106	[Linked to TCAP, TCAP SSN linked to GSM_MAP]
107	Global Title 0x4 (9 bytes)		103	Global Title 0x2 (6 bytes)
108	Translation Type: 0x00		104	Translation Type: 0x61
109	0001 .... = Numbering Plan: ISDN/telephony (0x01)
110	.... 0010 = Encoding Scheme: BCD, even number of digits (0x02)
111	.000 0100 = Nature of Address Indicator: International number (0x04)
112	Address information (digits): 393205959510		105	Address information (digits): 4722316910
113	Country Code: 39 Italy length 2
114	Calling Party address (11 bytes)		106	Calling Party address (9 bytes)
115	Address Indicator	=	107	Address Indicator
116	.0.. .... = Routing Indicator: Route on GT (0x00)		108	.0.. .... = Routing Indicator: Route on GT (0x00)
117	..01 00.. = Global Title Indicator: Translation Type, Numbering Plan, EncodingScheme, and Nature of Address Indicator included (0x04)	<>	109	..00 10.. = Global Title Indicator: Translation Type only(0x02)
118	.... ..1. = SubSystem Number Indicator: SSN present (0x01)		110	.... ..0. = SubSystem Number Indicator: SSN not present (0x00)
119	.... ...0 = Point Code Indicator: Point Code not present (0x00)		111	.... ...1 = Point Code Indicator: Point Code present (0x01)
120	SubSystem Number: MSC (Mobile Switching Center) (8)		112	..00 1010 0000 1000 = PC: 2568
121	[Linked to TCAP, TCAP SSN linked to GSM_MAP]
122	Global Title 0x4 (9 bytes)		113	Global Title 0x2 (6 bytes)
123	Translation Type: 0x00		114	Translation Type: 0x61
124	0001 .... = Numbering Plan: ISDN/telephony (0x01)
125	.... 0010 = Encoding Scheme: BCD, even number of digits (0x02)
126	.000 0100 = Nature of Address Indicator: International number (0x04)
127	Address information (digits): 393209897010		115	Address information (digits): 1350090000
128	Country Code: 39 Italy length 2		116	Data (82 bytes)
129	.... .000 = Importance: 0x00
130	End of Optional
131	Transaction Capabilities Application Part
132	begin		117
133	Source Transaction ID		118	0000  62 50 48 04 21 f1 46 00 6b 1a 28 18 06 07 00 11 bPH.!.F.k.(.....
134	Transaction Id: 0001AC81		119	0010  86 05 01 01 01 a0 0d 60 0b a1 09 06 07 04 00 00  .......`........
135	oid: 0.0.17.773.1.1.1 (id-as-dialogue)		120	0020  01 00 14 03 6c 2c a1 2a 02 01 4e 02 01 2d 30 22  ....l,.*..N..-0"
136	dialogueRequest		121	0030  80 07 91 61 74 22 13 96 f1 81 01 ff 82 07 91 61  ...at".........a
137	Padding: 7		122	0040  31 05 90 00 f0 88 01 00 89 08 0b 91 61 74 07 91  1...........at..
138	protocol-version: 80 (version1)
139	1... .... = version1: True
140	application-context-name: 0.4.0.0.1.0.21.3 (shortMsgMO-RelayContext-v3)
141	components: 1 item
142	Component: invoke (1)
143	invoke
144	invokeID: 1
145	opCode: localValue (0)
146	localValue: 46
147	CONSTRUCTOR
148	CONSTRUCTOR Tag
149	Tag: 0x00		123	0050  45 f8                                            E.
150	Length: 44
151	Parameter (0x04)
152	Tag: 0x04
153	Length: 7
154	Data: 91932350595901
155	Parameter (0x02)
156	Tag: 0x02
157	Length: 7
158	Data: 91932310000039
159	Parameter (0x04)
160	Tag: 0x04
161	Length: 14
162	Data: 11960A8123100010660000A70141		124	Data: 6250480421F146006B1A2818060700118605010101A00D60...
163	Parameter (0x04)
164	Tag: 0x04
165	Length: 8		125	[Length: 82]
166	Data: 22821801000030F1
167	GSM Mobile Application
168	Component: invoke (1)
169	invoke
170	invokeID: 1
171	opCode: localValue (0)
172	localValue: mo-forwardSM (46)
173	sm-RP-DA: serviceCentreAddressDA (4)
174	serviceCentreAddressDA: 91932350595901
175	1... .... = Extension: No Extension
176	.001 .... = Nature of number: International Number (0x01)
177	.... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164)(0x01)
178	Address digits: 393205959510
179	Country Code: 39 Italy length 2
180	sm-RP-OA: msisdn (2)
181	msisdn: 91932310000039
182	1... .... = Extension: No Extension
183	.001 .... = Nature of number: International Number (0x01)
184	.... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164)(0x01)
185	Address digits: 393201000093
186	Country Code: 39 Italy length 2
187	sm-RP-UI: 11960A8123100010660000A70141
188	imsi: 22821801000030F1
189	TBCD digits: 222881100000031
190	GSM SMS TPDU (GSM 03.40) SMS-SUBMIT
191	0... .... = TP-RP: TP Reply Path parameter is not set in this SMS SUBMIT/DELIVER
192	.0.. .... = TP-UDHI: The TP UD field contains only the short message
193	..0. .... = TP-SRR: A status report is not requested
194	...1 0... = TP-VPF: TP-VP field present - relative format (2)
195	.... .0.. = TP-RD: Instruct SC to accept duplicates
196	.... ..01 = TP-MTI: SMS-SUBMIT (1)
197	TP-MR: 150
198	TP-Destination-Address - (3201000166)
199	Length: 10 address digits
200	1... .... :  No extension
201	.000 .... :  Type of number: (0) Unknown
202	.... 0001 :  Numbering plan: (1) ISDN/telephone (E.164/E.163)
203	TP-DA Digits: 3201000166
204	TP-PID: 0
205	00.. .... :  defines formatting for subsequent bits
206	..0. .... :  no telematic interworking, but SME-to-SME protocol
207	...0 0000 :  the SM-AL protocol being used between the SME and the MS (0)
208	TP-DCS: 0
209	00.. .... = Coding Group Bits: General Data Coding indication (0)
210	Special case, GSM 7 bit default alphabet
211	TP-Validity-Period: 24 hours 0 minutes
212	TP-User-Data-Length: (1) depends on Data-Coding-Scheme
213	TP-User-Data
214	A

 

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.