
Wireshark-dev: Re: [Wireshark-dev] nas_eps value type change request

From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Mon, 5 Oct 2020 06:51:06 +0000

Hi,

The proper way to request features or report bugs is through https://bugs.wireshark.org/bugzilla/ or start a discussion on the mailing lists. If I look in the 3GPP specifications

TS 23.003 Chapter 2.4

…“The TMSI consists of 4 octets. It can be coded using a full hexadecimal representation.”… so displaying it as decimal may be misleading?

In packet-s1ap.c we have

M-TMSI TYPE = FT_UINT32 DISPLAY = BASE_DEC_HEX

Which will change the representation to be both decimal AND hexadecimal; we could do that for NAS-EPS too, I suppose.

“I’m trying to create a MATE file that will add IMSI to all packets in all common 3GPP core protocols.

My goal is to filter all messages related to a specific IMSI from a multi-subscriber and multi-protocol cap file.”

This would be a valuable feature, I think, and perhaps should be done by code rather than MATE. Perhaps you can share your MATE files?

Regards

Anders

 

From: Dudi D <dudi.davidesko@xxxxxxxxx>
Sent: 5 October 2020 08:10
To: Anders Broman <anders.broman@xxxxxxxxxxxx>
Subject: nas_eps value type change request

 

Hi Anders,

Sorry for this direct request. My name is Dudi and I’m a Packet Core Engineer.

I’m using WS a lot. I’m trying to create a MATE file that will add IMSI to all packets in all common 3GPP core protocols.

My goal is to filter all messages related to a specific IMSI from a multi-subscriber and multi-protocol cap file.

 

M-TMSI (under GUTI) value is in hex on nas_eps and dec in s1ap dissector.

nas_eps.emm.m_tmsi

s1ap.m_TMSI

 

So, because of this type difference, when using MATE, I cannot correlate between Attach/TAU to Service requests and Paging.

Is it possible to change it in packet-nas_eps also to decimal, like MME Group ID and MME Code?

Do you think it's correct to use decimal here?

https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-nas_eps.c#L6949

 

 

BR,

Dudi Davidesko
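
The mismatch discussed in this thread, as an added example that is not part of the original e-mails or of Wireshark's code: M-TMSI values exported as text are normalised to one 32-bit integer so that frames from nas_eps (hex) and s1ap (decimal) fall into the same group. The row layout, the sample values and the `dec_hex` output layout are assumptions constructed for illustration; only the two field names come from the thread.

```python
# Added example: correlate frames by M-TMSI regardless of display base.
from collections import defaultdict

# Constructed sample rows: (frame number, field name, value as exported text).
SAMPLE_ROWS = [
    (10, "nas_eps.emm.m_tmsi", "0xc0000403"),        # hex, as shown by nas_eps
    (42, "s1ap.m_TMSI", "3221226499"),               # decimal, as shown by s1ap
    (57, "s1ap.m_TMSI", "3221226499 (0xc0000403)"),  # decimal-and-hex text
    (60, "nas_eps.emm.m_tmsi", "0x00003039"),
    (61, "s1ap.m_TMSI", "12345"),
    (70, "s1ap.m_TMSI", "4294967296"),               # does not fit in 4 octets
    (71, "nas_eps.emm.m_tmsi", ""),                  # empty export
]


def parse_m_tmsi(text):
    """Parse '0x..' hex, plain decimal, or 'dec (0xhex)' into a 32-bit int."""
    parts = text.replace("(", " ").replace(")", " ").split()
    if not parts:
        raise ValueError("empty M-TMSI value")
    values = {int(p, 16) if p.lower().startswith("0x") else int(p, 10) for p in parts}
    if len(values) != 1:
        raise ValueError(f"decimal and hex parts disagree: {text!r}")
    value = values.pop()
    if not 0 <= value <= 0xFFFFFFFF:  # TMSI is 4 octets (TS 23.003, 2.4)
        raise ValueError(f"M-TMSI out of 32-bit range: {text!r}")
    return value


def dec_hex(value):
    """Render a value as 'decimal (0xhex)'; the exact layout is an assumption."""
    return f"{value} (0x{value:08x})"


def correlate(rows):
    """Group (frame, field) pairs by normalised M-TMSI; collect unparsable frames."""
    groups, rejected = defaultdict(list), []
    for frame, field, text in rows:
        try:
            groups[parse_m_tmsi(text)].append((frame, field))
        except ValueError:
            rejected.append(frame)
    return dict(groups), rejected


if __name__ == "__main__":
    groups, rejected = correlate(SAMPLE_ROWS)
    for tmsi, hits in sorted(groups.items()):
        print(dec_hex(tmsi), "->", hits)
    print("rejected frames:", rejected)
```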
