Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 1385] New: local control descriptor of H.248 message is de

Date: Tue, 20 Feb 2007 10:38:51 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1385

           Summary: local control descriptor of H.248 message is decoded
                    incorrectly
           Product: Wireshark
           Version: 0.99.5
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: pubate.satienpoch@xxxxxxxxx


Build Information:
Version 0.99.5 (SVN Rev 20677)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.7, with GLib 2.12.7, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 3.1
(packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x], without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

--
I have found some error in the H.248 message in the local control descriptors.
First, the property name 00220001 (package 22 in Q.1950 annex A, and parameter
01 which is TunOpt) is unknown to the program. However, this value exist in the
specification as follow :
Property Name: Tunnelling Options
PropertyID: 0x01, TunOpt
Description: This property is set to indicate when the MG shall send the
tunnelled data information
(BIT) to an MGC.
Type: Enumeration
Possible values:
1, [0x01] In the same message as the command response to the command which
generated the bearer control tunnel.
2, [0x02] Tunnel message at any time
NO, [0x03] No tunnel is used

The second error is the parameter name 002F0001 (3G user plane package and Mode
parameter). The raw data(as seen in the bottom window) has value 2 which is
"Support Mode..." but the decoded message interpreted it as value 1 which is
"Transparent Mode".

These 2 error can be seen in the attached file item no.464.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.