Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] [Fwd: Wireshark to K12 comparison]

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Florent Drouin <florent.drouin@xxxxxxxxxxxxxxxxx>
Date: Mon, 05 Nov 2007 13:24:16 +0100

Alain Ameaume wrote:

Luis EG Ontanon <luis.ontanon@...> writes:


Additional questions  :
- I don't succeed to build a filter to isolate a complete TCAP 
transaction based on "Original transcation
id" and "Destination transaction id" parameters ==> very, very, very 
helpfull to  retrieve among several
records one GSM MAP procedure (i.e. a complete "Update Location" with 
its "Insert Subscriber Data"
messages) + the same request for a SCCP connected oriented procedure base 
on "SCFid" (i.e. to follow  a
complete BSSMAP call establishment from the Connection Request to the 
Connection Release) : is it

possible ? or do we have to imagine a macro  mechanism ?

For SCCP I added connection oriented tracing a while ago (0.99.6 has it),

Go to Preferences->Protocols->SCCP and set "Trace Associations", this
creates a tree with information about all messages in a given
connection. (sccp.assoc.id is a generated successive id for each
connection).

It is in my plans, to add the same capability to TCAP (not soon).

Another missing feature is filter fields to get all messages from all
connections given
a given IMSI or some other useful identifiers.

Which other Identifiers you think would be useful?

Luis
_______________________________________________
Wireshark-users mailing list
Wireshark-users <at> wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users




Ok, thanks for the SCCP connection follow-on using association id ...

For TCAP transaction, one suggestion :
- Is it possible to add more significant informations in the statistic tool "Menu/Statistics/GSM/etc...", like the trace record number ? + ... the "Source Local Reference (SRF)", the "Destination Local Reference (DRF)", the "Source Transaction Id", the "Destination Transaction Id" ? ==> by this way, it will become possible to isolate one SCCP connection or one TCAP transaction, which will be very helpfull to analyze malfunctions in Mobile Network. - AND as a complement feature : Is it possible to save in a file (text, csv or excel style type) the statistics computation issued by this tool "Menu/Statistics/GSM/etc..." ? 

Best regards,
Alain




_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

Alain,
If you go in the TCAP preferences, and activate the 2 options "Service Response Time Analyze" and "Persistent Stats for SRT", you will have a new field "Session Id" to identify the TCAP transaction. 
Then, you can filter the TCAP transaction with this session identifier.

Regards
Florent
  • Prev by Date: Re: [Wireshark-users] how to convert g729 RTP stream into anyplayableformat?
  • Next by Date: Re: [Wireshark-users] how to convert g729 RTP stream into anyplayableformat?
  • Previous by thread: Re: [Wireshark-users] Error w/ Make command on CentOS 4.5 & wireshark-0.99.6
  • Next by thread: [Wireshark-users] Help with GRE encapsulated packets
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation