Wireshark-bugs: [Wireshark-bugs] [Bug 5246] New: [NAS EPS] Use Request Type IE defined in 3GPP 2
Date: Wed, 22 Sep 2010 02:04:03 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5246 Summary: [NAS EPS] Use Request Type IE defined in 3GPP 24.008 Product: Wireshark Version: 1.5.x (Experimental) Platform: Other OS/Version: All Status: NEW Severity: Enhancement Priority: Low Component: Wireshark AssignedTo: wireshark-bugs@xxxxxxxxxxxxx ReportedBy: pascal.quantin@xxxxxxxxx Pascal Quantin <pascal.quantin@xxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #5195| |review_for_checkin? Flag| | Created an attachment (id=5195) --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5195) Request Type IE decoding factorization Build Information: Version 1.5.0 (SVN Rev 34178 from /trunk) Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GTK+ 2.12.12, (32-bit) with GLib 2.16.6, with libpcap 1.0.0, with libz 1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without c-ares, without ADNS, without Lua, without Python, with GnuTLS 2.4.2, with Gcrypt 1.4.1, with MIT Kerberos, without GeoIP, without PortAudio, without AirPcap. Running on Linux 2.6.26-2-686-bigmem, with libpcap version 1.0.0, with libz 1.2.3.3, GnuTLS 2.4.2, Gcrypt 1.4.1. Built using gcc 4.3.2. Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- Right now, a EPS Attach Request message is decoded as: Non-Access-Stratum (NAS)PDU 0000 .... = Security header type: Plain NAS message, not security protected (0) .... 0111 = Protocol discriminator: EPS mobility management messages (7) NAS EPS Mobility Management Message Type: Attach request (0x41) 0... .... = Type of security context flag (TSC): Native security context (0) .111 .... = NAS key set identifier: No key is available (7) .... 0... = Spare bit(s): 0x00 .... .001 = EPS attach type: EPS attach (1) EPS mobile identity - Old GUTI or IMSI Length: 8 .... 1... = odd/even indic: 1 .... .001 = Type of identity: IMSI (1) IMSI: 460000200003113 UE network capability Length: 2 1... .... = EEA0: Supported .1.. .... = 128-EEA1: Supported ..1. .... = 128-EEA2: Supported ...0 .... = EEA3: Not Supported .... 0... = EEA4: Not Supported .... .0.. = EEA5: Not Supported .... ..0. = EEA6: Not Supported .... ...0 = EEA7: Not Supported 1... .... = EIA0: Supported .1.. .... = 128-EIA1: Supported ..1. .... = 128-EIA2: Supported ...0 .... = EIA3: Not Supported .... 0... = EIA4: Not Supported .... .0.. = EIA5: Not Supported .... ..0. = EIA6: Not Supported .... ...0 = EIA7: Not Supported ESM message container Length: 26 ESM message container contents: 0201d0112714808021100100001081060000000083060000... 0000 .... = EPS bearer identity: 0x00 .... 0010 = Protocol discriminator: EPS session management messages (2) Procedure transaction identity: 1 NAS EPS session management messages: PDN connectivity request (0xd0) 0001 .... = PDN type: IPv4 (1) .... 0001 = Request type: Initial attach (1) Protocol Configuration Options Element ID: 39 Length: 20 1... .... = Ext: 0x01 Configuration Protocol: PPP (0) Protocol: IP Control Protocol (32801) Length: 0x10 (16) PPP IP Control Protocol Code: Configuration Request (0x01) Identifier: 0x00 Length: 16 Options: (12 bytes) Primary DNS server IP address: 0.0.0.0 Secondary DNS server IP address: 0.0.0.0 Note that the Request Type IE in the PDN Connectivity Request piggybacked message is decoded as "Initial attach". According to 3GPP 24.301 8.6.0 chapter 9.9.4.14, the Request Type IE should be decoded as in 3GPP TS 24.008 chapter 10.5.6.17. The attached patch use the corresponding dissection function in packet-gsm_a_gm.c file. It also adds a missing dissection of Request Type in the 2G/3G Activate PDP Context Request message. Once applied, you get: Non-Access-Stratum (NAS)PDU 0000 .... = Security header type: Plain NAS message, not security protected (0) .... 0111 = Protocol discriminator: EPS mobility management messages (7) NAS EPS Mobility Management Message Type: Attach request (0x41) 0... .... = Type of security context flag (TSC): Native security context (0) .111 .... = NAS key set identifier: No key is available (7) .... 0... = Spare bit(s): 0x00 .... .001 = EPS attach type: EPS attach (1) EPS mobile identity - Old GUTI or IMSI Length: 8 .... 1... = odd/even indic: 1 .... .001 = Type of identity: IMSI (1) IMSI: 460000200003113 UE network capability Length: 2 1... .... = EEA0: Supported .1.. .... = 128-EEA1: Supported ..1. .... = 128-EEA2: Supported ...0 .... = EEA3: Not Supported .... 0... = EEA4: Not Supported .... .0.. = EEA5: Not Supported .... ..0. = EEA6: Not Supported .... ...0 = EEA7: Not Supported 1... .... = EIA0: Supported .1.. .... = 128-EIA1: Supported ..1. .... = 128-EIA2: Supported ...0 .... = EIA3: Not Supported .... 0... = EIA4: Not Supported .... .0.. = EIA5: Not Supported .... ..0. = EIA6: Not Supported .... ...0 = EIA7: Not Supported ESM message container Length: 26 ESM message container contents: 0201d0112714808021100100001081060000000083060000... 0000 .... = EPS bearer identity: 0x00 .... 0010 = Protocol discriminator: EPS session management messages (2) Procedure transaction identity: 1 NAS EPS session management messages: PDN connectivity request (0xd0) 0001 .... = PDN type: IPv4 (1) .... 0... = Spare bit(s): 0 .... .001 = Request type: Initial request (1) Protocol Configuration Options Element ID: 39 Length: 20 1... .... = Ext: 0x01 Configuration Protocol: PPP (0) Protocol: IP Control Protocol (32801) Length: 0x10 (16) PPP IP Control Protocol Code: Configuration Request (0x01) Identifier: 0x00 Length: 16 Options: (12 bytes) Primary DNS server IP address: 0.0.0.0 Secondary DNS server IP address: 0.0.0.0 -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
- Follow-Ups:
- [Wireshark-bugs] [Bug 5246] [NAS EPS] Use Request Type IE defined in 3GPP 24.008
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 5246] [NAS EPS] Use Request Type IE defined in 3GPP 24.008
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 5246] [NAS EPS] Use Request Type IE defined in 3GPP 24.008
- Prev by Date: [Wireshark-bugs] [Bug 5244] Add Dissector for ERSPAN v3 Header
- Next by Date: [Wireshark-bugs] [Bug 5247] New: Upper-case character in "name" of prefs_register_xxx_preference() results in "Runtime Error"
- Previous by thread: [Wireshark-bugs] [Bug 5110] Dissector of TFT - Traffic Flow Template(10.5.6.12) incorrectly dissects Packet filter Components
- Next by thread: [Wireshark-bugs] [Bug 5246] [NAS EPS] Use Request Type IE defined in 3GPP 24.008
- Index(es):
- Get Wireshark
- Download
- Code of Conduct