Wireshark-dev: Re: [Wireshark-dev] ASN.1 dissector non-functional?
From: Graeme Lunt <[email protected]>
Date: Tue, 9 Aug 2011 18:12:51 +0100

> Thanks for looking at this.
> In the attached CSTA trace file, I cannot "Decode As" ASN.1 on the first packet.
> (ASN.1 is not listed in the protocol list after selecting "Decode As ...", see screenshot)

I can't see were we lost this functionality, but it is
straight-forward to add it [back]. Note that the change introduces a
"Decode As ... " "BER", which I what I would have expected (rather
than "ASN.1").

However, much of the "Data" in your example capture file does not
appear to be valid ASN.1 (Frame 6 seems to have the first valid ASN.1)
For example, the Data in the first packet frame starts "00A3..." "00"
is EOC and "A3" is a length which does match the length of the
remaining data. However, this is a use of EOC I am not familiar with
(and neither is Wireshark at the moment). EOC is usually used with a
"00" length at the end of indefinitely encoded constructed BER.

So before I commit this change, could you confirm that you do really
want to decode ASN.1 over transport (with no intervening layer),
and/or maybe point me at this use of EOC?

Of course, this may be the bug you are trying to diagnose with Wireshark.


> This works in an old version of Ethereal.