|
Hi all,
I'm trying to use tshark display filter "-R" to
show camel part of my pcap file (sybsystem number is 146). Although it can be
done by modify the camel "TCAP SSNs" range in wireshark, I could not find a way
to modify the range of SSN in tshark.
the command I tried is like following:
tshark -V -R ",camel," -r
inputfile.pcap
or tshark -V -R ",sccp.ssn > 6 " -r
inputfile.pcap
it said "The ssn used to dissect CAMEL is
configurable." however where to configure it?
below is what I get from tshark, the camel part is
not readable.
=========================================================================
Signalling Connection Control
Part
Message Type: Unitdata (0x09)
.... 0000 = Class: 0x00
0000 .... = Message handling: No
special options (0x00)
Pointer to first Mandatory Variable
parameter: 3
...skipping...
.... .... .... .... ..00 1111 1010 0000 = DPC:
4000
.... 0000 0001 1001 11.. ....
.... .... = OPC: 103
1101 ....
.... .... .... .... .... .... = Signalling Link Selector: 13
Signalling
Connection Control Part
Message Type: Unitdata
(0x09)
.... 0000 = Class: 0x00
0000
.... = Message handling: No special options (0x00)
Pointer
to first Mandatory Variable parameter: 3
Pointer to second
Mandatory Variable parameter: 15
Pointer to third
Mandatory Variable parameter: 27
Called Party address (12
bytes)
Address
Indicator
.0.. .... = Routing Indicator: Route on GT
(0x00)
..01 00.. = Global Title Indicator: Translation Type, Numbering Plan, Encoding
Scheme, and Nature of
Address Indicator included
(0x04)
.... ..1. = SubSystem Number Indicator: SSN present
(0x01)
.... ...1 = Point Code Indicator: Point Code present
(0x01)
..00 1111 1010 0000 = PC:
4000
SubSystem Number: CAP
(146)
Global Title
0x4 (8
bytes)
Translation Type:
0x00
0111
.... = Numbering Plan: ISDN/mobile
(0x07)
.... 0010 = Encoding Scheme: BCD, even number of digits
(0x02)
.000 0100 = Nature of Address Indicator: International number
(0x04)
Address information (digits): 6592771015
Calling Party
address (12 bytes)
Address
Indicator
.0.. .... = Routing Indicator: Route on GT
(0x00)
..01 00.. = Global Title Indicator: Translation Type, Numbering Plan, Encoding
Scheme, and Nature of
Address Indicator included
(0x04)
.... ..1. = SubSystem Number Indicator: SSN present
(0x01)
.... ...1 = Point Code Indicator: Point Code present
(0x01)
..00 0111 1101 0000 = PC:
2000
SubSystem Number: SSN not
known/not used (0)
Global Title
0x4 (8
bytes)
Translation Type:
0x00
0111
.... = Numbering Plan: ISDN/mobile
(0x07)
.... 0010 = Encoding Scheme: BCD, even number of digits
(0x02)
.000 0100 = Nature of Address Indicator: International number
(0x04)
Address information (digits): 6593524066
Data (81
bytes)
0000 62 4f 48 04 18 22 00
01 6b 1e 28 1c 06 07 00 11 bOH.."..k.(.....
0010 86 05 01
01 01 a0 11 60 0f 80 02 07 80 a1 09 06
.......`........
0020 07 04 00 00 01 00 32 01 6c 27 a1 25 02 01 01
02 ......2.l'.%....
0030 01 00 30 1d 80 01 7b 82 07 04 40
56 59 77 01 51 ..0...{[email protected]
0040 83
07 04 40 56 69 25 04 66 9f 32 05 78 00 00 00 ...@Vi%.f.2.x...
0050
00
.
===============================================================================================
Thanks to share with me your thought!
Joyce
| 
