Wireshark-users: Re: [Wireshark-users] mux27010 capture
From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Fri, 02 Jan 2015 10:28:51 -0500
On 1/2/2015 5:42 AM, poeschel@xxxxxxxxxxx wrote:
Hello!

I have to debug a problem with the multiplex protocol of a GSM
modem. I came across Wireshark being able to dissect the mux27010
protocol, which would be of big value to me.

I did manage to capture some mux data from the UART, but that does
not seem to fit what Wireshark expects. Here is my setup: I
have a GSM modem connected to the UART of an ARM processor running
Linux. In Linux the n_gsm mux driver is attached to the UART and does
the muxing. I now modified the n_gsm driver to hand me out a copy of the
data it sends to the UART right before it leaves the mux driver.

Okay, I now have captured data, and what I capture this way looks
valid to me according to the mux spec in 3GPP TS 07.10 V7.2.0. I
then convert this data to a hexdump with od -Ax -tx1 -v as stated in
the Wireshark documentation, and this is what I import into Wireshark using
the Import from hex dump... dialog. There I select my file and
MUX27010 as encapsulation type.

The dissection Wireshark then does is garbage. In the MUX27010
Protocol Wireshark expects an extended header which I do not have in
my capture and which I cannot find in the specification. If I remove
this extended header part from the dissector and compile Wireshark,
it correctly dissects the first (and only the first) mux packet for
me.

So my questions are: Where does this extended header come from and
what does it contain? As it does not seem to be part of the mux
specification (and it is very unlikely to be seen on the UART line) I
suspect some capturing tool is injecting this data. What is the
preferred way of capturing this mux data?

Thanks in advance, Lars

I'm not familiar with the protocol but the following may help:

http://www.tcpdump.org/linktypes/LINKTYPE_MUX27010.html