Does it use Connection Oriented or Connection Less?
SCCP and SUA carry the SSN number only in the CC message. So, In order
to know which subdissector to use for CO messages other than CC
SCCP/SUA mantains a table of connections, this is disabled by default
(try enabling "Trace Associations" in SCCP preferences). That has been
tested with SCCP, the implementation in SUA has not being thoroughly
tested due to lack of capture files.
If you can send a capture file we might see what's going with SUA's
connection tracking
(cut the capture just after the SUA header)
On Tue, Jul 15, 2008 at 2:27 PM, <atdev.queries@xxxxxxxxx> wrote:
> Hi
>
> It was my mistake, they are 90 and 91 only not 91 and 92 as stated first.
>
> Regards,
> Chandra.
>
> ________________________________
>
> From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Abhik Sarkar
> Sent: Tue 7/15/2008 5:41 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] How to register the plugins
>
>
>
> You said initially that the SSN's are 91 and 92, but you are
> subsequently using 90 and 91 during registration... Not sure if that
> is correct. If it isn't then XXX messages should be dissected as YYY
> messages.
>
> Also, you might want to not register the heuristic dissector and try.
>
> HTH
> Abhik.
>
> On Tue, Jul 15, 2008 at 3:39 PM, <atdev.queries@xxxxxxxxx> wrote:
>> Hi all,
>>
>>
>>
>> I wrote two plugins which run on sua layer. The plugins are xxx and yyy and
>> their subsystem no. are 91 and 92 respectively.
>>
>>
>>
>> Now I registered the two protocols as
>>
>>
>>
>> For XXX plugin:
>>
>>
>>
>> static guint global_xxx_ssn = 90;
>>
>>
>>
>> Void proto_reg_handoff_xxx(void)
>>
>> {
>>
>> static dissector_handle_t xxx_handle;
>>
>> heur_dissector_add("sua", dissect_xxx, proto_xxx);
>>
>> xxx_handle = create_dissector_handle(dissect_xxx, proto_xxx);
>>
>> dissector_add("sccp.ssn", global_xxx_ssn, xxx_handle);
>>
>>
>>
>> }
>>
>>
>>
>> For YYY plugin:
>>
>>
>>
>> static guint global_yyy_ssn = 91;
>>
>>
>>
>> Void proto_reg_handoff_yyy(void)
>>
>> {
>>
>> static dissector_handle_t yyy_handle;
>>
>> heur_dissector_add("sua", dissect_yyy, proto_yyy);
>>
>> yyy_handle = create_dissector_handle(dissect_yyy, proto_yyy);
>>
>> dissector_add("sccp.ssn", global_yyy_ssn, yyy_handle);
>>
>>
>>
>> }
>>
>>
>>
>> Now the problem is the data what ever comes above sua layer is dissected as
>> yyy protocol.
>>
>> The data which comes after yyy protocol is dissected as xxx protocol.
>>
>> But both the plugins should run on sua layer and depending on subsystem no.
>> they have to be differentiated.
>>
>>
>>
>> Can any one please suggest me how to register the plugins properly so that
>> then can be dissected properly on sua layer?
>>
>>
>>
>> Thanks in advance,
>>
>> Atdev.
>>
>> Please do not print this email unless it is absolutely necessary.
>>
>> The information contained in this electronic message and any attachments to
>> this message are intended for the exclusive use of the addressee(s) and may
>> contain proprietary, confidential or privileged information. If you are not
>> the intended recipient, you should not disseminate, distribute or copy this
>> e-mail. Please notify the sender immediately and destroy all copies of this
>> message and any attachments.
>>
>> WARNING: Computer viruses can be transmitted via email. The recipient should
>> check this email and any attachments for the presence of viruses. The
>> company accepts no liability for any damage caused by any virus transmitted
>> by this email.
>>
>> www.wipro.com
>>
>> _______________________________________________
>> Wireshark-dev mailing list
>> Wireshark-dev@xxxxxxxxxxxxx
>> https://wireshark.org/mailman/listinfo/wireshark-dev
>>
>>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
>
>
> Please do not print this email unless it is absolutely necessary.
>
> The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
>
> WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
>
> www.wipro.com
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
