Wireshark-bugs: [Wireshark-bugs] [Bug 4012] New: SCCP Association ID groups BSSAP messages from
Date: Mon, 14 Sep 2009 13:57:00 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4012

           Summary: SCCP Association ID groups BSSAP messages from multiple
                    calls
           Product: Wireshark
           Version: unspecified
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Build Information:
Version 1.2.1 (SVN Rev 29141)

Copyright 1998-2009 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with
AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.1
beta5
(packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, GnuTLS 2.8.1,
Gcrypt 1.4.4, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729


--
Wireshark is grouping BSSAP messages from multiple call flows under a single
SCCP Association ID. This problem seems to be connected to the BSSAP Classmark
Update message. Associations of BSSAP messages from distinct call flows appear
to be forming around the value of the DLR in the Classmark Update message. The
SLR for this Classmark Updates is blank, that is, the SLR field indicates 

.... ...0 = More data: No more data (0x00)

The user becomes aware of the problem after clicking on the Classmark Update
message or any message below the Classmark Update in the list of messages
displaying under the SCCP Association ID. After the click event, Wireshark
skips to the last call in the capture whose Classmark Update message has a
common DLR and an SLR without data (as described above).


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.