Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] stack mms/COTP/CLNP

From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Wed, 9 Aug 2006 15:32:34 +0200
Hi,
Should we look into the possibility of adding a preference to the PRES
dissector where you can "force" a certain context to be dissected by a
higher layer dissector such as MMS?
Brg
Anders

-----Ursprungligt meddelande-----
Från: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] För Graeme Lunt
Skickat: den 9 augusti 2006 14:16
Till: Community support list for Wireshark
Ämne: Re: [Wireshark-users] stack mms/COTP/CLNP

Angel,

On 8/9/06, Anders Broman <a.broman@xxxxxxxxx> wrote:
> Hi,
> Wireshark needs the frames setting up the connection to be able to decode
> what follows after the presentation level eg knowing what the the
> " presentation-context-identifier: 3" is. Presumably an OID is identifying
> this at setup.

That is usually the problem. You should have a
presentation-context-definition-list in the presentation layer during
the association establishment

This should associate presentation-context-identifier '3' to the
abstract-syntax-name "1.0.9506.2.1" or "1.0.9506.2.3" (not sure
which).

If you don't have this, or it is not one of these OIDs, then you will
have a problem.

If you can send me your complete capture I will have a look for you.

Graeme
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users