Wireshark · Wireshark-dev: [Wireshark-dev] LTE S1 decode bug?

[Michael Sukhar <devlist@xxxxxxxxxxx>]

LTE S1 NAS_PDU (field starts at byte 104) decoding has a possible problem. Attached is the pcap log with the LTE S1 packet in question, and the alternative decoding in html file.

Regards,
Michael

Attachment: s1.pcap
Description: Binary data

Title: Message - Online Message Decoder - Linkbit Inc.

00 22 64 2B 79 3A 00 1E 68 45 62 1A 08 00 45 00 00 84 0A E0 00 00 80 84 18 93 0A B7 00 E2 0A B7 00 34 0B 58 0B 58 00 00 4D 3D 6D 28 94 42 03 00 00 10 00 00 15 BE 00 00 7F FF 00 00 00 00 00 03 00 52 00 00 22 AF 00 02 00 1E 00 00 00 12 00 09 00 3E 00 00 03 00 18 00 29 00 00 34 00 24 40 00 00 00 00 00 00 00 00 00 19 17 00 00 00 00 00 07 42 10 00 00 00 0C 02 00 C1 01 00 00 05 01 00 00 00 00 00 08 00 02 00 01 00 00 00 04 00 00 00 0D 00 00

POS	BINARY	NAME	VALUE
		Ethernet L2
0-5		Dst	6 Octets (hex): 00 22 64 2B 79...
6-11		Src	6 Octets (hex): 00 1E 68 45 62...
12-13		Type	2048 (IPv4)
14-145		Data	132 Octets (hex): 45 00 00 84 0A...
		IPv4
14	0100....	Version	4 (Version 4)
	....0101	IHL	5
		Type Of Service
15	000.....	Precedence	Routine (0)
	...0....	Delay	Normal Delay (0)
	....0...	Throughput	Normal Throughput (0)
	.....0..	Reliability	Normal Reliability (0)
	......00	Reserved	0
		Total Length
16-17		Total Length	132
		Identification
18-19		Identification	2784
		Flags
20	0.......	Reserved	0
	.0......	Fragmentation	May Fragment (0)
	..0.....	Fragment	Last Fragment (0)
		Fragment Offset
20-21		Fragment Offset	0
		TTL
22	10000000	TTL	128
		Protocol
23	10000100	Protocol	132 (SCTP)
		Header Checksum
24-25		Header Checksum	6291
		Source Address
26-29		Source Address	10.183.0.226
		Destination Address
30-33		Destination Address	10.183.0.52
		Options
		Options	0 Elements
		Padding
		Padding	0 Bits
		Data
34-145		Data	112 Octets (hex): 0B 58 0B 58 00...
		SCTP: [SACK, DATA]
34-35		Source Port	2904
36-37		Destination Port	2904
38-41		Verification Tag	19773
42-45		Checksum	1831375938 (6D289442 hex)
		Chunks
46-61		Chunks[0]	SACK
46-61		SACK	see below
46	00000011	Chunk Type	SACK (3)
47	00000000	Chunk Flags	0
48-49		Chunk Length	16
50-53		Cumulative TSN Ack	5566
54-57		Advertised Receiver Window Credit	32767
58-59		Number of Gap Ack Blocks	0
60-61		Number of Duplicate TSNs	0
		Gap Ack Block	0 Elements
		Duplicate TSN	0 Elements
62-145		Chunks[1]	DATA
62-145		DATA	see below
62	00000000	Chunk Type	DATA (0)
63	00000...	Chunk Flags	0
	.....0..	U	this is an ordered DATA chunk (0)
	......11	BE	Unfragmented Message (3)
64-65		Chunk Length	82
66-69		TSN	8879
70-71		Stream Identifier S	2
72-73		Stream Sequence Number n	30
74-77		Payload Protocol Identifier	S1AP (18)
78-143		User Data	66 Octets (hex): 00 09 00 3E 00...
		LTE S1AP: InitiatingMessage [initialContextSetup]
78-79		procedureCode	9 (initialContextSetup)
80	00......	criticality	reject (0)
		value
82-143		InitialContextSetupRequest	see below
82-143		protocolIEs	3 Elements
85-129		protocolIEs[0]	see below
85-86		id	24 (E_RABToBeSetupListCtxtSUReq)
87	00......	criticality	reject (0)
87-129		value	E_RABToBeSetupListCtxtSUReq
89-129		E_RABToBeSetupListCtxtSUReq	1 Elements
90-129		E_RABToBeSetupListCtxtSUReq[0]	see below
90-91		id	52 (E_RABToBeSetupItemCtxtSUReq)
92	00......	criticality	reject (0)
92-129		value	E_RABToBeSetupItemCtxtSUReq
94-129		E_RABToBeSetupItemCtxtSUReq	see below
94	...00000	e_RAB_ID	0
95-97		e_RABlevelQoSParameters	see below
95-96		qCI	0
97	00000000	allocationRetentionPriority	see below
	..0000..	priorityLevel	0 (spare)
	......0.	pre_emptionCapability	shall_not_trigger_pre_emption (0)
	.......0	pre_emptionVulnerability	not_pre_emptable (0)
98-99		transportLayerAddress	1 Bits: 0
99-103		gTP_TEID	4 Octets (hex): 00 00 00 00
104-129		nAS_PDU	25 Octets (hex): 17 00 00 00 00...
130-135		protocolIEs[1]	see below
130-131		id	8 (eNB_UE_S1AP_ID)
132	00......	criticality	reject (0)
132-135		value	ENB_UE_S1AP_ID
134-135		ENB_UE_S1AP_ID	1
136-143		protocolIEs[2]	see below
136-137		id	0 (MME_UE_S1AP_ID)
138	00......	criticality	reject (0)
138-143		value	MME_UE_S1AP_ID
140-143		MME_UE_S1AP_ID	13
		LTE NAS: INTEGRITY PROTECTED NAS MESSAGE (DOWNLINK)
105	....0111	Protocol discriminator	7 (EPS mobility management messages)
	0001....	Security header type	1 (Integrity protected NAS message (Downlink))
106-109		Message authentication code	4 Octets (hex): 00 00 00 00
110	00000000	Sequence number	0
111-129		Downlink NAS message	19 Octets (hex): 07 42 10 00 00...
		LTE EMM: ATTACH ACCEPT
111	....0111	Protocol discriminator	7 (EPS mobility management messages)
	0000....	Security header type	0 (Plain NAS message, not security protected)
		Attach accept message identity
112	01000010	Message type	Attach accept (66)
		EPS attach result
113	0.......	spare	0
	.001....	Result of attach	EOS only attached (1)
		Spare half octet
	....0000	Spare half octet	0
		T3412 value
114	000.....	Unit	0 (value is incremented in multiples of 2 seconds)
	...00000	Timer value	0
		TAI list
115	00000000	Length indicator	0
		Partial tracking area identity list	0 Elements
		ESM message container
116-117		Length indicator	12
118-129		ESM message container contents	12 Octets (hex): 02 00 C1 01 00...
		LTE ESM: ACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST
118	....0010	Protocol discriminator	2 (EPS session management messages)
	0000....	EPS bearer identity	0 -> Reserved
119	00000000	Procedure transaction identity	0 (No procedure transaction identity assigned) -> Procedure transaction identity value
		Activate default EPS bearer context request message identity
120	11000001	Message type	Activate default EPS bearer context request (193)
		EPS QoS
121	00000001	Length indicator	1
122	00000000	QCI	UE to network: Network selects the QCI / network to UE: Reserved (0)
		Access point name
123	00000000	Length indicator	0
		Access point name value	0 Elements
		PDN address
124	00000101	Length indicator	5
125	00000...	spare	0
	.....001	PDN Type value	IPv4 (1)
126-129		IPv4 Address	0.0.0.0