Wireshark-dev: Re: [Wireshark-dev] SCCP and CAMEL packets
From: Jeff Morriss <[email protected]>
Date: Tue, 28 May 2013 14:12:31 -0400
On 05/25/13 17:31, Cristian Constantin wrote:
[...]
I do NOT really understand how the SCCP users table functions.
facts:

1. I download the capture posted at:

http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=camel.pcap

and I open it with wireshark.

2. after editing the SCCP users table to contain:

NI = 2
Called DPC = 100
Called SSN = 200
User Protocol = CAMEL

wireshark will correctly decode the payload of the SCCP unit data as TCAP/CAP.
(the NI, DPC, SSN above match the ones in the SCCP packets)

3. I download the capture posted at:

http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=camel2.pcap

and I open it with wireshark.

3. after editing the SCCP users table to contain:

NI = 2
Called SSN = 146
User Protocol = CAMEL

wireshark WON'T decode the payload, showing it as opaque data in hex.
the NI and SSN above
match the ones in the SCCP packets. however in this case there are NO
PC either in the called
addres or in the calling one; both of them use global titles.

what is wrong?
The "user table" stuff is there to deal with the problem that 2 
different PCs could use the same SSN for different protocols (that 
according to the checkin comment for r21321).  As such (and after 
looking at the code) it would appear that the PCs are mandatory fields 
the the user table.
I suppose the UI should be rejecting entries without a PC--I'll see if I 
can fix that.
Why not just set the CAMEL SSN to 146?  Or set the SCCP default payload 
to TCAP?