Wireshark-dev: Re: [Wireshark-dev] Decoding raw SCCP packets using Wireshark
From: Jeff Morriss <[email protected]>
Date: Thu, 17 Jan 2008 12:56:49 -0500

James Lee wrote:
Hi. I'm trying to use wireshark to decode raw SCCP packets; i.e. the contents of an SCCP packet sent over an SS7 link, but where we have only the packet from the SCCP layer upwards available (so none of the lower-layer protocols like MTP3, MTP2, etc.).
Now I'm trying to do this by outputting the contents of the SCCP message 
to a binary ASCII file, and then running text2pcap over it as follows: 
"text2pcap -l 142 input.txt output.pcap" - where 142 is the value of 
DLT_SCCP which should be the correct link-layer type here I believe? 
 Text2pcap is perfectly happy and produces an pcap output file.
When I try to load this file in wireshark, I just get an error 
complaining about an unknown link layer type of 142.  For comparison, 
I've tried running the exact same text2pcap command but with "-l 141" 
(which is DLT_MTP3), and wireshark opens the file happily and tries to 
display an mtp3 packet (though the contents is incorrect as this binary 
file doesn't contain an mtp3 header).
 From this, and from looking at the source code it looks like wireshark 
doesn't support decoding raw SCCP packets unless I'm missing something - 
is this correct?  If so, then is there a simple way for me to be able to 
Yes, Wireshark was not set up to use this DLT value.  It's a bit late, I 
know, but I just added support for it in rev 24119.