Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4432] New: Wrong decoding field of LTE S1AP uplinkNASTrans

Date: Thu, 28 Jan 2010 07:44:49 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4432

           Summary: Wrong decoding field of LTE S1AP uplinkNASTransport in
                    some cases
           Product: Wireshark
           Version: 1.3.x (Experimental)
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: alex.garcia.b@xxxxxxxxx


Created an attachment (id=4215)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4215)
Trace with good and bad message decoding

Build Information:
Version 1.3.2 (SVN Rev 31063 from /trunk)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, with GLib 2.22.2, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt
1.4.4, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Nov 23
2009), with AirPcap, with new_packet_list.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.1.1
(packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.4, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When decoding LTE S1AP messages, normally message uplinkNASTRansport is
properly decoded in most cases (see examples of messages 9 and 10 in attached
file).

There is one case where the decoding does not take place properly. In the case
of message 13, the decoding is not achieved, although lengths and field
identifications seem to be good. The message is made up of 5 items, the 4 item
is eUTRAN-CGI and item 5 is TAI. These two are not decoded.

To properly see the trace, select one of the SCTP messages, and decode PPID=0
as S1AP.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.