Hello, I'm new here :-)
I've been working on a dissector for the glue to recognise Cisco SS7
signalling over IP.
There are 3 protocols which I've been working on, although all
implementation are proprietary, so I'm guessing quite a bit. The
details and links are in the comments in the patch file, but a brief
description of the status is here:
RUDP - (Reliable UDP) I don't see any of the "odd" packets referenced
in the spec, so I'm sure it might fail on those packets.
RLM - (Redundant Link Management) Completely proprietary, no reference
spec, just going by eye, won't pick up the odd packets, and some
unkown fields.
SM - (Session Management) as for RLM.
The environment I'm working in is essentially:
SLT <-> MGC -- ISUP/MTP3/SM/RUDP/UDP port 7000
MGC <-> NASes (1) -- RLM/UDP port 3000 -> 3015 (or so)
MGC <-> NASes (2) -- Q.931/LAPD/UDP port 3001 -> 3015+ (RLM port for
that NAS + 1)
As you might appreciate, I've firstly focused on getting it working
for me, so the protocol detection needs some work.
RUDP - udp.port == 7000
SM - always called from RUDP. (lazy - no rudp subdissector list yet).
RLM - heuristically determined. Possibly overlaps with other traffic,
but the source port == dest port requirements helps make that unlikely
(I hope!). Still needs improvements since it can overlap with the LAPD
traffic on the same NAS!
I've put the LAPD heuristic dissector in the RLM module for now ...
it had to go somewhere, and where's there's RLM, there's LAPD :-)
Unfortunately I can't provide sample dumps just yet. It would need to be
sanitised first.
Comments appreciated.
,dunc
Attachment:
ethereal.ciscoss7.patch.gz
Description: Binary data
