Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] Fw: I am not decode the Nbap andsscopmessages.
From: "Kukosa, Tomas" <tomas.kukosa@xxxxxxxxxxx>
Date: Tue, 7 Aug 2007 09:50:20 +0200
Hi, BTW the NBAP reports [Malformed Packet: NBAP] now but I am working on updated NBAP (regnerated from last ASN1 source). I hope it will be fixed. Tomas > -----Original Message----- > From: wireshark-users-bounces@xxxxxxxxxxxxx > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of > Anders Broman > Sent: Tuesday, August 07, 2007 9:45 AM > To: 'Community support list for Wireshark' > Subject: Re: [Wireshark-users] Fw: I am not decode the Nbap > andsscopmessages. > > Hi, > Currently not, but given a small sample file it shouldn't be > to much work to > add it. Is it RRC directly on UDP or some other protocol in between? > Regards > Anders > > -----Ursprungligt meddelande----- > Från: wireshark-users-bounces@xxxxxxxxxxxxx > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] För > vaibhav.agarwal@xxxxxxxxxxx > Skickat: den 7 augusti 2007 14:59 > Till: Luis EG Ontanon > Kopia: Community support list for Wireshark > Ämne: Re: [Wireshark-users] Fw: I am not decode the Nbap and > sscopmessages. > > > > > > > Hi, > Thanks > After dowloading the wireshark 0.99.6a, now it decode the > sscop with Nbap > over UDP. > > I have one more query is there any support RRC over udp. > > > Thanks & Regards, > Vaibhav > > > > > "Luis EG Ontanon" > > <luis.ontanon@gma > > il.com> > To > Vaibhav > Agarwal/NokiaDDF@NOKIADDF > 08/06/2007 07:09 > cc > PM > > > Subject > Re: Fw: > [Wireshark-users] I am not > decode the Nbap and > sscop > messages. > > > > > > > > > > > > > > > > > > Well I was taking a look at the preferences of SSCOP and I discover > that Wireshark is already enabled to decode SSCOP with NBAP over UDP. > > If the preferences for SSCOP in 0.99.5 do not have an "UDP port range" > download 0.99.6 because it does have it already. > > (BTW: remove that line from init.lua or else it won't work) > Luis > > On 06-Aug-2007 18:40:42 ZE5B, vaibhav.agarwal@xxxxxxxxxxx > <vaibhav.agarwal@xxxxxxxxxxx> wrote: > > > > > > > > > > > > Hi Luis, > > Thanks!! > > Now, Nbap is working. Nbap messages decode by wireshark. > > > > But now one problem comes Below Nbap Layer sscop layer exist, Now > wireshark > > consider each and every message as a NBAP message. > > That's why wireshark consider sscop message as a nbap > message and gives > > error. > > > > please help how to configure sscop layer also on same port. > > > > Type: IP (0x0800) > > Trailer: 00000000000000000000 > > Internet Protocol, Src: 192.168.255.143 (192.168.255.143), Dst: > > 192.168.255.16 (192.168.255.16) > > Version: 4 > > Header length: 20 bytes > > Differentiated Services Field: 0x00 (DSCP 0x00: > Default; ECN: 0x00) > > 0000 00.. = Differentiated Services Codepoint: > Default (0x00) > > .... ..0. = ECN-Capable Transport (ECT): 0 > > .... ...0 = ECN-CE: 0 > > Total Length: 36 > > Identification: 0xf625 (63013) > > Flags: 0x00 > > 0... = Reserved bit: Not set > > .0.. = Don't fragment: Not set > > ..0. = More fragments: Not set > > Fragment offset: 0 > > Time to live: 64 > > Protocol: UDP (0x11) > > Header checksum: 0x04b2 [correct] > > [Good: True] > > [Bad : False] > > Source: 192.168.255.143 (192.168.255.143) > > Destination: 192.168.255.16 (192.168.255.16) > > User Datagram Protocol, Src Port: 9013 (9013), Dst Port: 9013 (9013) > > Source port: 9013 (9013) > > Destination port: 9013 (9013) > > Length: 16 > > Checksum: 0x377b [correct] > > [Good Checksum: True] > > [Bad Checksum: False] > > UTRAN Iub interface NBAP signalling > > NBAP-PDU: initiatingMessage (0) > > initiatingMessage > > procedureID > > procedureCode: id-audit (0) > > ddMode: tdd (0) > > criticality: reject (0) > > messageDiscriminator: common (0) > > transactionID: shortTransActionId (0) > > shortTransActionId: 10 > > initiatingMessageValue > > id-audit > > protocolIEs: 205 items > > Item 0 > > Item > > [Malformed Packet: NBAP] > > > > > > > > Thanks & Regards, > > Vaibhav > > > > > > > > "Luis EG Ontanon" > > <luis.ontanon@gma > > il.com> > To > > Vaibhav > Agarwal/NokiaDDF@NOKIADDF > > 08/06/2007 05:15 > cc > > PM > > > Subject > > Re: Fw: > [Wireshark-users] I am not > > decode the Nbap and sscop > > messages. > > > > > > > > > > > > > > > > > > > > > > So that's NBAP running atop UDP... > > which we do not have it registered for. > > can you edit the file init.lua > > and add the following line at the very beggining: > > > > DissectorTable.get("udp.port"):add(9013, Dissector.get("nbap")); > > > > > > then try to open the file again. > > > > Luis > > > > On 06-Aug-2007 17:00:21 ZE5B, vaibhav.agarwal@xxxxxxxxxxx > > <vaibhav.agarwal@xxxxxxxxxxx> wrote: > > > > > > > > > > > > > > > > > > > > > > > > Hi, > > > > > > I am using .pcap file. > > > > > > This packet contain the Nbap message but Wireshark does > not decode this > > > message (I Enable all the protocols through "Enables protocols" > option). > > > > > > Please tell me the reason. > > > > > > No. Time Source Destination > Protocol > > > Info > > > 166785 83.426705 192.168.255.16 192.168.255.143 > UDP > > > Source port: 9013 Destination port: 9013 > > > > > > Frame 166785 (78 bytes on wire, 78 bytes captured) > > > Arrival Time: Aug 6, 2007 11:44:58.239002000 > > > [Time delta from previous packet: 0.032667000 seconds] > > > [Time since reference or first frame: 83.426705000 seconds] > > > Frame Number: 166785 > > > Packet Length: 78 bytes > > > Capture Length: 78 bytes > > > [Frame is marked: True] > > > [Protocols in frame: eth:ip:udp:data] > > > Ethernet II, Src: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52), Dst: > > > Intel_c3:4b:b0 (00:0e:0c:c3:4b:b0) > > > Destination: Intel_c3:4b:b0 (00:0e:0c:c3:4b:b0) > > > Address: Intel_c3:4b:b0 (00:0e:0c:c3:4b:b0) > > > .... ...0 .... .... .... .... = IG bit: Individual address > > > (unicast) > > > .... ..0. .... .... .... .... = LG bit: Globally > unique address > > > (factory default) > > > Source: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52) > > > Address: HewlettP_a7:ee:52 (00:0e:7f:a7:ee:52) > > > .... ...0 .... .... .... .... = IG bit: Individual address > > > (unicast) > > > .... ..0. .... .... .... .... = LG bit: Globally > unique address > > > (factory default) > > > Type: IP (0x0800) > > > Internet Protocol, Src: 192.168.255.16 (192.168.255.16), Dst: > > > 192.168.255.143 (192.168.255.143) > > > Version: 4 > > > Header length: 20 bytes > > > Differentiated Services Field: 0x00 (DSCP 0x00: > Default; ECN: 0x00) > > > 0000 00.. = Differentiated Services Codepoint: > Default (0x00) > > > .... ..0. = ECN-Capable Transport (ECT): 0 > > > .... ...0 = ECN-CE: 0 > > > Total Length: 64 > > > Identification: 0x0000 (0) > > > Flags: 0x04 (Don't Fragment) > > > 0... = Reserved bit: Not set > > > .1.. = Don't fragment: Set > > > ..0. = More fragments: Not set > > > Fragment offset: 0 > > > Time to live: 64 > > > Protocol: UDP (0x11) > > > Header checksum: 0xbabb [correct] > > > [Good: True] > > > [Bad : False] > > > Source: 192.168.255.16 (192.168.255.16) > > > Destination: 192.168.255.143 (192.168.255.143) > > > User Datagram Protocol, Src Port: 9013 (9013), Dst Port: > 9013 (9013) > > > Source port: 9013 (9013) > > > Destination port: 9013 (9013) > > > Length: 44 > > > Checksum: 0xcd18 [correct] > > > [Good Checksum: True] > > > [Bad Checksum: False] > > > Data (36 bytes) > > > > > > 0000 00 24 4a 00 01 17 00 00 00 00 02 58 40 0f 10 00 > .$J........X@... > > > 0010 01 40 00 0a 00 00 64 14 08 01 19 02 80 00 00 00 > .@....d......... > > > 0020 c8 00 00 1c > > > > > > > > > > > > Thanks & Regards, > > > Vaibhav > > > > > > > > > > > > "Luis EG Ontanon" > > > <luis.ontanon@gma > > > il.com> > > To > > > Sent by: "Community support list for > > > wireshark-users-b Wireshark" > > > ounces@wireshark. > <wireshark-users@xxxxxxxxxxxxx> > > > org > > cc > > > > > > > > Subject > > > 08/06/2007 04:35 Re: > [Wireshark-users] I am not > > > PM decode the Nbap and sscop > > messages. > > > > > > > > > Please respond to > > > Community support > > > list for > > > Wireshark > > > <wireshark-users@ > > > wireshark.org> > > > > > > > > > > > > > > > > > > > > > Which kind of file are you using? > > > > > > On 06-Aug-2007 16:25:13 ZE5B, vaibhav.agarwal@xxxxxxxxxxx > > > <vaibhav.agarwal@xxxxxxxxxxx> wrote: > > > > > > > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > I am using wireshark version 0.99.5, > > > > But I donot decode sscop and Nbap layer messages. > > > > > > > > please tell what is the procedure how to decode these > layer messages. > > > > > > > > > > > > Thanks & Regards, > > > > Vaibhav > > > > > > > > *********************** Aricent-Unclassified > *********************** > > > > > > > > "DISCLAIMER: This message is proprietary to Aricent > and is intended > > > solely > > > > for the use of > > > > the individual to whom it is addressed. It may contain > privileged or > > > > confidential information and should not be > > > > circulated or used for any purpose other than for what it is > intended. > > If > > > > you have received this message in error, > > > > please notify the originator immediately. If you are > not the intended > > > > recipient, you are notified that you are strictly > > > > prohibited from using, copying, altering, or disclosing > the contents > of > > > > this message. Aricent accepts no responsibility for > > > > loss or damage arising from the use of the information > transmitted by > > > this > > > > email including damage from virus." > > > > > > > > > > > > > > > > _______________________________________________ > > > > Wireshark-users mailing list > > > > Wireshark-users@xxxxxxxxxxxxx > > > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > > > > > > > > > > > -- > > > This information is top security. When you have read it, destroy > > yourself. > > > -- Marshall McLuhan > > > > > > Propertarianism joined to capitalist vigor destroyed meaningful > > > commercial competition, but when it came to making good software, > > > anarchism won. > > > -- Eben Moglen > > > _______________________________________________ > > > Wireshark-users mailing list > > > Wireshark-users@xxxxxxxxxxxxx > > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > > > > > > > > > > *********************** Aricent-Unclassified > *********************** > > > > > > *********************** Aricent-Unclassified > *********************** > > > > > > "DISCLAIMER: This message is proprietary to Aricent and > is intended > > solely > > > for the use of > > > the individual to whom it is addressed. It may contain > privileged or > > > confidential information and should not be > > > circulated or used for any purpose other than for what it > is intended. > If > > > you have received this message in error, > > > please notify the originator immediately. If you are not > the intended > > > recipient, you are notified that you are strictly > > > prohibited from using, copying, altering, or disclosing > the contents of > > > this message. Aricent accepts no responsibility for > > > loss or damage arising from the use of the information > transmitted by > > this > > > email including damage from virus." > > > > > > > > > > > > > > > > > > -- > > This information is top security. When you have read it, destroy > yourself. > > -- Marshall McLuhan > > > > Propertarianism joined to capitalist vigor destroyed meaningful > > commercial competition, but when it came to making good software, > > anarchism won. > > -- Eben Moglen > > > > > > > > > > *********************** Aricent-Unclassified > *********************** > > > > "DISCLAIMER: This message is proprietary to Aricent and is intended > solely > > for the use of > > the individual to whom it is addressed. It may contain privileged or > > confidential information and should not be > > circulated or used for any purpose other than for what it > is intended. If > > you have received this message in error, > > please notify the originator immediately. If you are not > the intended > > recipient, you are notified that you are strictly > > prohibited from using, copying, altering, or disclosing the > contents of > > this message. Aricent accepts no responsibility for > > loss or damage arising from the use of the information > transmitted by > this > > email including damage from virus." > > > > > > > > > -- > This information is top security. When you have read it, > destroy yourself. > -- Marshall McLuhan > > Propertarianism joined to capitalist vigor destroyed meaningful > commercial competition, but when it came to making good software, > anarchism won. > -- Eben Moglen > > > > > *********************** Aricent-Unclassified > *********************** > > "DISCLAIMER: This message is proprietary to Aricent and is > intended solely > for the use of > the individual to whom it is addressed. It may contain privileged or > confidential information and should not be > circulated or used for any purpose other than for what it is > intended. If > you have received this message in error, > please notify the originator immediately. If you are not the intended > recipient, you are notified that you are strictly > prohibited from using, copying, altering, or disclosing the > contents of > this message. Aricent accepts no responsibility for > loss or damage arising from the use of the information > transmitted by this > email including damage from virus." > > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > http://www.wireshark.org/mailman/listinfo/wireshark-users > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > http://www.wireshark.org/mailman/listinfo/wireshark-users >
- References:
- Re: [Wireshark-users] Fw: I am not decode the Nbap and sscop messages.
- From: vaibhav . agarwal
- Re: [Wireshark-users] Fw: I am not decode the Nbap and sscopmessages.
- From: Anders Broman
- Re: [Wireshark-users] Fw: I am not decode the Nbap and sscop messages.
- Prev by Date: Re: [Wireshark-users] Fw: I am not decode the Nbap and sscopmessages.
- Next by Date: [Wireshark-users] capturing 802.11 management frames
- Previous by thread: Re: [Wireshark-users] Fw: I am not decode the Nbap and sscopmessages.
- Next by thread: Re: [Wireshark-users] Fw: I am not decode the Nbap andsscopmessages.
- Index(es):