Wireshark-dev: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks
From: "Michael Lum" <[email protected]>
Date: Tue, 22 Aug 2006 13:27:32 -0700
I think you're right.

I had it implemented that way originally.

I had a preference for TCAP to be either ITU or ANSI.

I believe GSM MAP has to be carried on ITU TCAP and ANSI MAP on ANSI TCAP
but maybe there were issues with other protocols on top of TCAP that caused
problems. 

I don't know the history behind the removal of the preference.

--
Michael Lum                  Principal Software Engineer
4600 Jacombs Road            +1.604.276.0055
Richmond, B.C.
Canada V6V 3B1
UTStarcom Canada, Inc.
CDMA Division



-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Anders Broman
Sent: August 22, 2006 1:10 PM
To: 'Developer support list for Wireshark'
Subject: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks

Hi,
There is a problem when ssn's overlap. I originally had ANSI MAP and GSM MAP
overlapping but still got it decoded as ANSI MAP, changing the GSM MAP
preference got it to not decode then changing the ANSI MAP Preference again
got proper decoding.

Perhaps the whole preference setting should be done in TCAP instead?

Brg
Anders

-----Ursprungligt meddelande-----
Från: [email protected]
[mailto:[email protected]] För Michael Lum
Skickat: den 22 augusti 2006 22:02
Till: 'Developer support list for Wireshark'
Ämne: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks

There may be a couple of problems here.

The capture file contains ANSI MAP not GSM MAP.

 


--
Michael Lum                  Principal Software Engineer
4600 Jacombs Road            +1.604.276.0055
Richmond, B.C.
Canada V6V 3B1
UTStarcom Canada, Inc.
CDMA Division



-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Jeff Morriss
Sent: August 22, 2006 6:28 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] FW: ANSI MAP / TCAP dissector hooks


Anders Broman wrote:
> Hi,
> As far as I know the only change was to use range rather than a single 
> ssn value in the preferences of ANSI MAP, probably you got owerlaping 
> ssn definitions in your preferences ( CAMEL ,GSM MAP, RANAP ... ) what 
> does it say at the ssn entry in the SCCP part of the dissection?

Hmm, when I load that capture file the SCCP portion says:

SSN: 6
[Linked to TCAP, TCAP ssn linked to GSM_MAP]

which looks OK.

However, the bottom of the TCAP protocol tree says says "BER Error: 
Wrong field in sequence [...]".

I suppose that's preventing the TCAP dissector from calling the GSM_MAP
dissector.

[If so should such BER errors fail an assertion or something so the packet
shows up as malformed/dissector bug/whatever??]

> -----Original Message-----
> From: Michael Lum [mailto:[email protected]]
> Sent: August 9, 2006 12:18 PM
> To: '[email protected]'
> Subject: ANSI MAP / TCAP dissector hooks
> 
> Hello,
> 
> why was the way ANSI MAP hooks into TCAP changed?
> 
> I believe there is a problem with it.
> 
> I have attached a capture file with the following:
> 
> SCTP
> M2UA
> MTP3 (ITU)
> SCCP
> TCAP (ANSI)
> ANSI MAP
> 
> My preferences were set to:
> 
> MTP3 (ANSI)
> ANSI MAP (SSN RANGE 5-14)
> 
> Procedure:
> 
> 1.  Start Ethereal
> 2.  Set filters
> 3.  Load file
> 
> Frames show up as SCCP (ANSI), ERR and DT2
> 
> 4.  Edit preferences, change MTP3 -> ITU
> 
> With Ethereal 0.99.0 everything works fine the four frames come out 
> decoded as ANSI MAP
> with:
> 
> UDT QueryWithPermInvoke(Last) Location Request UDT
> QueryWithPermInvoke(Last) Routing Request UDT ResponseRetRes(Last) UDT
> ResponseRetRes(Last)
> 
> Following the same procedure with Wireshark 0.99.2 the decode goes as 
> far as TCAP but not ANSI MAP.
> 
> To get the decode to work properly I have to:
> 
> 5.  Edit preferences, change ANSI MAP SSN Range to something 
> different, apply

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev


_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev