Wireshark-dev: [Wireshark-dev] Wireshark bug when dissect the MC interface trace

From: Hui Wei <hui.wei@xxxxxxxxxxxx>
Date: Wed, 21 Jul 2010 16:06:19 +0800
Hi,
 
When I use Wireshark to dissect the MC interface trace, it regards each IP packet as one message. However, there are several upper layer messages embedded in the same IP packet.
 
Therefore, when I use the following Tshark command to dissect that, it can only generate 1 gsm message:
tshark -r MC_SAMPLE_LOGS -R "gsm_a.dtap_msg_mm_type > 0 or gsm_a.dtap_msg_cc_type > 0 or gsm_a.bssmap_msgtype > 0 or sccp.message_type > 0" -T fields -E header=y -e frame -e frame.time_epoch -e ip.src -e ip.dst -e sccp.slr -e sccp.dlr -e sccp.message_type -e gsm_a.dtap_msg_mm_type -e gsm_a.dtap_msg_cc_type -e gsm_a.bssmap_msgtype -e gsm_a.imsi > result_MO.txt
 
As below:
frame frame.time_epoch ip.src ip.dst sccp.slr sccp.dlr sccp.message_type gsm_a.dtap_msg_mm_type gsm_a.dtap_msg_cc_type gsm_a.bssmap_msgtype gsm_a.imsi
Frame 1: 1170 bytes on wire (9360 bits), 1170 bytes captured (9360 bits) 1271940351 10.37.11.26 10.37.19.18 0xa80003 0x0a16ec 0x05 0x08   0x55 4.60002E+14
 
The protocol hierarchy is shown below:
 
 
The original dump packet is attached as below:
Could anybody help me to repair that?
 
Thanks!
 
 
Best Regards!
 
Wei Hui
 
Ericsson (China) Communications Company Ltd. Nanjing Branch
6F No.2 Building Nanjing IC Design Park,
No.89 Shengli Road. Jiangning Economic & Technology Development Zone
Nanjing, P.R.China
Post Code:       211100
 
Tel:                 +86 25 87128000
Fax:                +86 25 87128001
Mobile:             +86 13951612835
E-mail:             hui.wei@xxxxxxxxxxxx
 
 

Attachment: packet_MC.dump
Description: packet_MC.dump