Wireshark-dev: [Wireshark-dev] ASN1 decode issue in H248 message

From: Alex Lindberg <alindber@xxxxxxxxx>
Date: Mon, 13 Feb 2012 12:49:17 -0800 (PST)
When decoding an H248 ASN1 V1 message, the following TVB is presented to the dissect_h248_sequence function (epan/dissectors/packet-ber.c):

30 06 80 02 00 02 81 00

which is interpreted as:

        00.. .... = Class: UNIVERSAL (0)
        ..1. .... = P/C: Constructed Encoding
        ...1 0000 = Tag: SEQUENCE (16)
        Length: 6
        10.. .... = Class: CONTEXT (2)
        ..0. .... = P/C: Primitive Encoding
        ...0 0000 = Tag: 0
        Length: 2
        eventParamterName: 0002
        10.. .... = Class: CONTEXT (2)
        ..0. .... = P/C: Primitive Encoding
        ...0 0001 = Tag: 1
        Length: 0
        value:

The issue is that the 2nd value of the sequence in this case is a Boolean value but the decode shows a length of zero instead. 

Is there a way round this issue?

Thanks as always.
Alex Lindberg
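
The bytes quoted in the message above, walked by a minimal BER header parser. This is an added example, not part of the original post and not Wireshark code; `ber_header` and `first_empty_member` are hypothetical names. X.690 gives a BOOLEAN exactly one content octet, so the walker reports the first primitive member whose content is empty.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes quoted in the post: SEQUENCE { [0] 00 02, [1] <empty> } */
static const uint8_t post_bytes[] = { 0x30, 0x06, 0x80, 0x02, 0x00, 0x02, 0x81, 0x00 };

typedef struct {
    uint8_t cls, constructed, tag; /* class, P/C bit, tag number (0..30 only) */
    size_t len, hdr;               /* content length, header size in octets */
} ber_tlv;

/* Parse one identifier+length header. Returns -1 on truncated input,
 * high-tag-number form, indefinite length, or a length past the buffer. */
static int ber_header(const uint8_t *buf, size_t n, ber_tlv *t)
{
    if (n < 2 || (buf[0] & 0x1f) == 0x1f) return -1;
    t->cls = buf[0] >> 6;
    t->constructed = (buf[0] >> 5) & 1;
    t->tag = buf[0] & 0x1f;
    t->hdr = 2;
    t->len = buf[1];
    if (buf[1] & 0x80) { /* long form: low 7 bits count the length octets */
        size_t k = buf[1] & 0x7f;
        if (k == 0 || k > sizeof(size_t) || n - 2 < k) return -1;
        t->len = 0;
        for (size_t i = 0; i < k; i++) t->len = (t->len << 8) | buf[2 + i];
        t->hdr = 2 + k;
    }
    return t->len > n - t->hdr ? -1 : 0;
}

/* Index of the first primitive SEQUENCE member with empty content,
 * -1 if every member has content, -2 if the encoding cannot be parsed. */
int first_empty_member(const uint8_t *buf, size_t n)
{
    ber_tlv seq, m;
    if (ber_header(buf, n, &seq) || !seq.constructed) return -2;
    const uint8_t *p = buf + seq.hdr;
    size_t left = seq.len;
    for (int idx = 0; left > 0; idx++, p += m.hdr + m.len, left -= m.hdr + m.len) {
        if (ber_header(p, left, &m)) return -2;
        printf("member %d: class %u tag %u len %zu\n", idx, (unsigned)m.cls, (unsigned)m.tag, m.len);
        if (!m.constructed && m.len == 0) return idx;
    }
    return -1;
}

int main(void) { return first_empty_member(post_bytes, sizeof post_bytes) == 1 ? 0 : 1; }
```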