Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Staus of ASN.1 dissectors - RRC and NAS-EPS (for LTE)

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Fri, 18 Feb 2011 13:24:49 +0100
Hi,

2011/2/18 Anders Broman <anders.broman@xxxxxxxxxxxx>
Hi,
WS does not crash for me Version 1.5.1 (SVN Rev 35978 from /trunk) it's malformed. I can see that the packet is ony byte short
compared with the text version. Probably a fault in text2pcap. You can try the new feature to import text imput from the GUI
File->import.
text2pacap might work better if you have the trailing ... there , like
0000   07 41 71 08 29 26 08 30 00 00 00 04 05 80 c0 00  .Aq.)&.0........
0010   00 00 00 04 02 01 d0                                           .......

The crash is due to the capital letters (NAS-EPS instead of nas-eps) in the DLT_USER configuration (at least it is how it behaves on my linux machine).

Regards,
Pascal.

 
Or add an extra 00
I've included the fixed .pcap
Regards
Anders


From: Karl-Heinz ECKSTEIN [mailto:karl-heinz.eckstein@xxxxxxxxxxxxxx]
Sent: den 18 februari 2011 11:17

To: Developer support list for Wireshark
Cc: Vincent HELFRE ; Anders Broman; Fatih ARDIC ; Karl-Heinz ECKSTEIN
Subject: RE: [Wireshark-dev] Staus of ASN.1 dissectors - RRC and NAS-EPS (for LTE)

Hello Vincent,

Hello Anders,

 

It looks like we all have a common mother!  J Interesting!

Many thanks for your hints!

Right now have the problem, that we receive a crash on wireshark, when we open the pcap file including one NAS-EPS(LTE) message.

The error message tells us:  “Runtime Error! – Program: C:\Program Files\Wireshark\wireshark.exe – This application has requested the Runtime to terminate it in an unusual way. Please contact the application support team for more information.”

 

What we have done before?

We “captured” a NAS (LTE) message outside of wireshark. This message was just extracted from a trace line, we receive from LTE platform (UE). This NAS message is expected to be correct.

Then we translated this text line (adding  a ‘000000’ in front of the NAS message) to pcap format. We use the command:

"c:\Program Files\Wireshark\text2pcap.exe" -l 147 NAS_message_test_6.txt NAS_message_test_6.pcap

We use a preference setup for the User 0 (DLT-147) and reference to protocol NAS-EPS in wireshark. (User 0 (DLT=147), NAS-EPS,0,””’,0,””

When we start wireshark, we crash.

 

Do we something wrong, or could it be an error?

 

Many thanks!

 

 

Best regards
Karl Heinz Eckstein

 

 

 

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Donnerstag, 17. Februar 2011 18:45
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Staus of ASN.1 dissectors - RRC and NAS-EPS (for LTE)

 

Hi,

Both the NAS-EPS dissector and the LTE-RRC dissector are fairly well updated however you need to call them by using a User DLT

or something like that.

Regards

Anders

 


From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Karl-Heinz ECKSTEIN
Sent: den 17 februari 2011 18:00
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Staus of ASN.1 dissectors - RRC and NAS-EPS (for LTE)

Hello,

May I ask, which status is applicable on ASN.1, especially dissector of RRC and NAS-EPS.

I’m asking, because I’m trying to dissector a pcap file, which I had generated via text2pcap from a LTE NAS message.

The NAS message is not “decoded”/dissectored by wireshark in my example. But NAS-EPS is available in Filters but not in preferences.

I’m using latest 1.5.1 build.

 

Many thanks for any help about this.

Best regards

Karl Heinz Eckstein

 


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe