Wireshark-dev: Re: [Wireshark-dev] Staus of ASN.1 dissectors - RRC and NAS-EPS (for LTE)
From: Pascal Quantin <[email protected]>
Date: Fri, 18 Feb 2011 13:24:49 +0100

2011/2/18 Anders Broman <[email protected]>
WS does not crash for me Version 1.5.1 (SVN Rev 35978 from /trunk) it's malformed. I can see that the packet is ony byte short
compared with the text version. Probably a fault in text2pcap. You can try the new feature to import text imput from the GUI
text2pacap might work better if you have the trailing ... there , like
0000   07 41 71 08 29 26 08 30 00 00 00 04 05 80 c0 00  .Aq.)&.0........
0010   00 00 00 04 02 01 d0                                           .......

The crash is due to the capital letters (NAS-EPS instead of nas-eps) in the DLT_USER configuration (at least it is how it behaves on my linux machine).


Or add an extra 00
I've included the fixed .pcap

From: Karl-Heinz ECKSTEIN [mailto:[email protected]]
Sent: den 18 februari 2011 11:17

To: Developer support list for Wireshark
Cc: Vincent HELFRE ; Anders Broman; Fatih ARDIC ; Karl-Heinz ECKSTEIN
Subject: RE: [Wireshark-dev] Staus of ASN.1 dissectors - RRC and NAS-EPS (for LTE)

Hello Vincent,

Hello Anders,


It looks like we all have a common mother!  J Interesting!

Many thanks for your hints!

Right now have the problem, that we receive a crash on wireshark, when we open the pcap file including one NAS-EPS(LTE) message.

The error message tells us:  “Runtime Error! – Program: C:\Program Files\Wireshark\wireshark.exe – This application has requested the Runtime to terminate it in an unusual way. Please contact the application support team for more information.”


What we have done before?

We “captured” a NAS (LTE) message outside of wireshark. This message was just extracted from a trace line, we receive from LTE platform (UE). This NAS message is expected to be correct.

Then we translated this text line (adding  a ‘000000’ in front of the NAS message) to pcap format. We use the command:

"c:\Program Files\Wireshark\text2pcap.exe" -l 147 NAS_message_test_6.txt NAS_message_test_6.pcap

We use a preference setup for the User 0 (DLT-147) and reference to protocol NAS-EPS in wireshark. (User 0 (DLT=147), NAS-EPS,0,””’,0,””

When we start wireshark, we crash.


Do we something wrong, or could it be an error?


Many thanks!



Best regards
Karl Heinz Eckstein





From: [email protected] [mailto:[email protected]] On Behalf Of Anders Broman
Sent: Donnerstag, 17. Februar 2011 18:45
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Staus of ASN.1 dissectors - RRC and NAS-EPS (for LTE)



Both the NAS-EPS dissector and the LTE-RRC dissector are fairly well updated however you need to call them by using a User DLT

or something like that.




From: [email protected] [mailto:[email protected]] On Behalf Of Karl-Heinz ECKSTEIN
Sent: den 17 februari 2011 18:00
To: [email protected]
Subject: [Wireshark-dev] Staus of ASN.1 dissectors - RRC and NAS-EPS (for LTE)


May I ask, which status is applicable on ASN.1, especially dissector of RRC and NAS-EPS.

I’m asking, because I’m trying to dissector a pcap file, which I had generated via text2pcap from a LTE NAS message.

The NAS message is not “decoded”/dissectored by wireshark in my example. But NAS-EPS is available in Filters but not in preferences.

I’m using latest 1.5.1 build.


Many thanks for any help about this.

Best regards

Karl Heinz Eckstein


Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:[email protected]?subject=unsubscribe