Wireshark-users: [Wireshark-users] RE : Re: Showing TCAP packets : Ethereal vs. Wireshark

From: Marc Grün <marc.grun@xxxxxxxx>
Date: Thu, 13 Dec 2007 11:58:27 +0100 (CET)
Ethereal (Version 0.10.13) was already installed in the computer I'm using, and I know well it is obsolete. I'm using Wireshark Version 0.99.6 (SVN Rev 22249).

I added the out files for Ethereal and Wireshark concerning that packet. Ethereal is the only one to label it malformed, it goes fine with Wireshark.

I would not bother anyway, but what bugs me in fact is that TCAP is a Layer-7 (Application) protocol, whereas (I might be wrong, but well) SUA seems to belong to an inferior layer: how can they qualify both the very same packet?
Which layers does in fact this SUA implement?



Guy Harris <guy@xxxxxxxxxxxx> wrote:
Marc Grün wrote:

> I'm doing communication between two machines using the SCCP User
> Adaptation (SUA) protocol. Using both Ethereal and Wireshark to capture
> the corresponding packets, I realized that Ethereal shows the
> connectionless datagram ones as "TCAP CLDT" (and they are said to be
> malformed...) whereas Wireshark shows the same as "SUA (RFC 3868) CLDT".
>
> Where does this divergence come from?

Probably from a change in one of the dissectors between the two versions
of the software; the difference between "Ethereal" and "Wireshark" is
that "Ethereal" is the name the software had up to version 0.99.0 and
"Wireshark" is the name it had starting with version 0.99.2 (I don't
remember what happened to 0.99.1). See

http://www.wireshark.org/faq.html#q1.2

for why the name changed.

What are the version numbers of the two releases you're using? And do
you have a small capture file that demonstrates this (if you can just
extract one packet from the capture and read that into the two versions
and see the behavior, that would be ideal)?

Also, are the packets said to be malformed in the newer version? If so,
it might be that the older version wasn't correctly dissecting them.


_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users



Attachment: wireshark.out
Description: 3372899427-wireshark.out

Attachment: ethereal.out
Description: 2720842617-ethereal.out