Wireshark-users: Re: [Wireshark-users] stack mms/COTP/CLNP

From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Wed, 9 Aug 2006 15:32:34 +0200
Should we look into the possibility of adding a preference to the PRES
dissector where you can "force" a certain context to be dissected by a
higher layer dissector such as MMS?

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On behalf of Graeme Lunt
Sent: 9 August 2006 14:16
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] stack mms/COTP/CLNP


On 8/9/06, Anders Broman <a.broman@xxxxxxxxx> wrote:
> Hi,
> Wireshark needs the frames setting up the connection to be able to decode
> what follows after the presentation level, e.g. knowing what the
> "presentation-context-identifier: 3" is. Presumably an OID is identifying
> this at setup.

That is usually the problem. You should have a
presentation-context-definition-list in the presentation layer during
the association establishment.

This should associate presentation-context-identifier '3' to the
abstract-syntax-name "1.0.9506.2.1" or "1.0.9506.2.3" (not sure

If you don't have this, or it is not one of these OIDs, then you will
have a problem.

If you can send me your complete capture I will have a look for you.
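
The lookup described in this thread, as an added example (not part of the original messages and not Wireshark's code): it parses a BER-encoded presentation-context-definition-list and checks whether presentation-context-identifier 3 is bound to one of the two MMS OIDs named above. Assumptions: the list carries context tag [4] (0xA4) and each item is INTEGER, OID, transfer-syntax list as in the ISO 8823 connect PPDU; the sample bytes, the ACSE and BER OIDs inside them, and all function names are constructed for illustration.

```python
MMS_OIDS = {"1.0.9506.2.1", "1.0.9506.2.3"}  # the two OIDs named in the thread
# Constructed sample: [4] context list defining PCI 1 and PCI 3 (not from a real capture).
SAMPLE = bytes.fromhex("a423 300f 020101 0604 52010001 3004 0602 5101"
                       " 3010 020103 0605 28ca220201 3004 0602 5101")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER TLV with a single-byte tag."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, arc = [], 0
    for b in value:  # base-128 digits, high bit set means more bytes follow
        arc = (arc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(arc)
            arc = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def context_map(context_list):
    """Map each presentation-context-identifier to its abstract-syntax-name."""
    tag, items, _ = read_tlv(context_list, 0)
    if tag != 0xA4:
        raise ValueError("not a [4] presentation-context-definition-list")
    mapping, pos = {}, 0
    while pos < len(items):
        tag, item, pos = read_tlv(items, pos)
        t_id, pci, nxt = read_tlv(item, 0)
        t_oid, oid, _ = read_tlv(item, nxt)
        if (tag, t_id, t_oid) != (0x30, 0x02, 0x06):
            raise ValueError("unexpected context item layout")
        mapping[int.from_bytes(pci, "big")] = decode_oid(oid)
    return mapping

def mms_decodable(mapping, pci):  # False when the setup frames are missing
    return mapping.get(pci) in MMS_OIDS
```

An empty mapping models a capture that starts after association establishment: `mms_decodable({}, 3)` is false, which is the situation the thread describes.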
