For calls IOS 5 uses connection-oriented SCCP in the same manner as
BSSAP.
Using the SCCP preference you mentioned is how I looked at my
trace but there are some problems with the SCCP handling in
voip_calls.c.
- it uses SCCP Connection Request as the start of a call when that
message
can be used for non-call related procedures, i.e. location updates,
SMS, etc.
I don't understand why SCCP is used in VoIP Calls for call state.
I understand how SCCP connections work and the requirement to match the
SLR/DLR
in the SCCP CC to tie all the messaging together, but only the upper
protocols
such as RANAP/IOS/BSSAP know the complete call state.
I thought I would want the IOS dissector to use the SCCP associations
for
call analysis but it doesn't seem that anybody is doing that with the
other
dissectors.
?
Thanks.
--
Michael Lum Principal Software Engineer
4600 Jacombs Road +1.604.276.0055
Richmond, B.C.
Canada V6V 3B1
Star Solutions
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Luis EG
Ontanon
Sent: November 20, 2008 10:23 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] VoIP call analysis
if IOS5 uses the connection-less SCCP service SCCP-connection-tracking
cannot help you.
If it instead uses the Conection-Oriented SCCP service, you can take a
look at how RANAP and BSSAP put "interesting information" into the SCCP
data for the packet/connection.
(Beware that in order to trace calls SCCP needs the "Keep Track of..."
preference being enabled).
BR
Lego
On Thu, Nov 20, 2008 at 7:15 PM, Michael Lum
<michael.lum@xxxxxxxxxxxxxxxxx> wrote:
> Hi,
>
> I'm looking at voip_calls.c and there is a voip_protocol_name array
> that contains, among others, SCCP, BSSMAP and RANAP.
>
> How does this work for a with the following partial stack:
>
> BSSMAP or RANAP
> SCCP
> M3UA
> ...
>
> ?
>
> I tried out one of my traces with SCCP and it sort of works.
> Was it meant to be used with the above or for some other kind of
> protocol layering ?
> (I thought only "A-interfaces" used connection-oriented SCCP.)
>
> I say it only sort of works because SCCP can't determine a call state
> or even imply a call is taking place.
>
> Should I just ignore the SCCP code eventhough IOS 5 is carried on it ?
>
> Thanks.
>
> --
> Michael Lum Principal Software Engineer
> 4600 Jacombs Road +1.604.276.0055
> Richmond, B.C.
> Canada V6V 3B1
> Star Solutions
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
--
This information is top security. When you have read it, destroy
yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev
