Wireshark-users: [Wireshark-users] mux27010 capture
Hello!
I have to debug a problem with the multiplex protocol of a gsm modem. I
came across wireshark being able to dissect mux27010 protocol which
would be of big value to me.
I did manage to capture some mux data from the uart but that does not
seem to fit to that what wireshark expects. Here is my setup:
I have a gsm modem connected to the uart of an arm processor running
linux. In linux the n_gsm mux driver is attached to the uart and does
the muxing. I now modified the n_gsm driver to hand me out a copy the
data it sends to the uart right before it leaves the mux driver. Okay, I
now have captured data and what I capture this way looks valid to me
according to the mux spec in 3GPP TS 07.10 V7.2.0. I then convert this
data to a hexdump with od -Ax -tx1 -v as stated in wireshark
documentation and this is what I import to wireshark using the Import
from hex dump... dialog. There I select my file and MUX27010 as
encapsulation type. The dissection wireshark then does is garbage. In
the MUX27010 Protocol wireshark expects an extended header which I do
not have in my capture and which I can not find in the specification. If
I remove this extended header part from the dissector and compile
wireshark, it correctly dissects the first (and only the first) mux
packet to me.
So my questions are: Where does this extended header come from and what
does it contain ? As it does not seem to be part of the mux
specification (and it is very unlikely to be seen on the uart line) I
suspect some capturing tool injecting this data. What is the preferred
way of capturing this mux data ?
Thanks in advance,
Lars