Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Add Tcap_context to the TCAP dissector

From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Wed, 27 Sep 2006 22:06:43 +0200
Checked in.
Brg
Anders

-----Ursprungligt meddelande-----
Från: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] För Florent.Drouin@xxxxxxxxxx
Skickat: den 27 september 2006 16:00
Till: wireshark-dev@xxxxxxxxxxxxx
Ämne: [Wireshark-dev] Add Tcap_context to the TCAP dissector

      Hello,


Here are some patches and a new module to introduce the notion of Tcap
context for a Tcap transaction.
For each Tcap transaction, several parameters, like session identifier,
start time or OID, will be saved in a hash table, to keep these
informations available for the next messages.
This context is then given to the upper layer, and can be used, for
example, to generate transaction-associated statistics.

Moreover, the Upper protocol, detected in the Begin of the TCAP transaction
( according to the OID ), is saved in the context, and will be reused for
the next messages of the transaction. This help the decoding of SS7
messages, without any SSN configuration in the "wireshark preferences".

You will have too, the possibility to apply a filter to see only the
messages related to a TCAP transaction. (tcap.srt.session_id=XXX)

To enable the use of the Tcap context, you have 2 new parameters in the
preferences,
- SRT, enable search for a Tcap context for any TCAP messages
- persistentSRT, keep the Tcap context, even after the transaction has been
closed. This is mandatory with Wireshark, to have a clean display of the
stats.

There is 2 new timers  in the preferences for the statistics, to tune the
retransmission timeout, and messages lost timeout.


Some additional small updates have been made to Camel and Gsmmap concerning
OID, and private_data.

(See attached file: tcap_context.tar.gz)

Regards
Florent