ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 12286] New: tshark can't decode s1ap message

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 24 Mar 2016 12:13:44 +0000
Bug ID 12286
Summary tshark can't decode s1ap message
Product Wireshark
Version 2.1.x (Experimental)
Hardware x86-64
OS Fedora
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected] 

Build Information:
tshark -v
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 2.0.3 (SVN Rev Unknown from unknown)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
libz 1.2.7, with GLib 2.36.4, without SMI, without c-ares, without ADNS,
without
Lua, without GnuTLS, without Gcrypt, without Kerberos, without GeoIP.

Running on Linux 3.14.27-100.fc19.x86_64, with locale en_US.UTF-8, with libpcap
version 1.4.0, with libz 1.2.7.
Intel(R) Xeon(R) CPU           X3210  @ 2.13GHz

Built using gcc 4.8.3 20140911 (Red Hat 4.8.3-7).

--
Hi,

Following up Bug 12276 and question
https://ask.wireshark.org/questions/51141/tshark-cant-decode-s1ap-message, 

I have installed the latest nightly version of Wireshark in my linux box and
some fields don't show up correctly. To be more specific, regarding diameter
messages that were 'unknown' before, I tweaked dictionary.xml and are now shown
correctly. 

In a specific S1AP message, there is a new field added in the packet, which is
not correctly decoded by Wireshark. This field is dislayed as "Item 7:
unknown(195)", which is not the correct name. Of course subfields of that field
are not displayed correctly either.

Problem is that can't find out how to do the same with s1ap messages. Any clue? 

Thanks!

What I get when exporting this field to pdml is:

<field name="" show="Item 7: unknown (195)" size="5" pos="294"
value="00c3400164">
                <field name="s1ap.ProtocolIE_Field_element"
showname="ProtocolIE-Field" size="5" pos="294" show="" value="">
                  <field name="s1ap.id" showname="id: Unknown (195)" size="2"
pos="294" show="195" value="00c3"/>
                  <field name="per.enum_index" showname="Enumerated Index: 1"
hide="yes" size="1" pos="296" show="1" value="40"/>
                  <field name="s1ap.criticality" showname="criticality: ignore
(1)" size="1" pos="296" show="1" value="40"/>
                  <field name="per.open_type_length" showname="Open Type
Length: 1" hide="yes" size="1" pos="297" show="1" value="01"/>
                  <field name="s1ap.value_element" showname="value" size="1"
pos="298" show="" value=""/>
                </field>
              </field>


Br,
Sotiris

You are receiving this mail because:
  • You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube