Thanks Weiner.
I think I did put my question correctly.?
What I am after is how to decode the q931 under IUA messages using the
wireshark. I can decode v5.2 messages under V5UA without any issues. For
some reason I am unable to decode Q931 under IUA. Both IUA & V5UA are
piggybacked on SCTP. Pls refer to my previous mail attachment for sample
trace.
regards
Ravi
<<mailto:ravi.rajaratnam@xxxxxxxxxxxx>>
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Alan Jay
Weiner
Sent: Wednesday, 12 March 2008 11:25 AM
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] IUA decode
Hi Ravi,
I see several things about this packet:
1) it's using Adler-32 checksum instead of CRC32c (see RFC 3309)
2) the upper-layer protocol (payload protocol identifier) is not
specified
(it is 0; for IUA it should be 0x01). I'm not sure why the rest of the
packet is decoded; it seems to me it should be treated as opaque data
and
not decoded.
Assuming that decoding it is correct, then the IUA decodes as a Release
Indication (message class 0x05, message type 0x0a; see RFC 4233 section
3.1.2), and includes an Integer Interface ID as a parameter. But the
IID
parameter length is given as 45 - it should be 8 for an integer-based
Interface ID. The parameter tag of 0x01 indicates the Integer Interface
Identifier. Perhaps it should be 0x03 for a text-based Interface
Identifier? (see RFC 4233 section 3.2; figures 3 and 4)
Hope this helps!
- Al Weiner -
------------------------------------------------------------------------
----
Alan Jay Weiner / Valid8.com, Inc. - Conform, Perform & Excel(tm)
500 W Cummings Park, Suite #2700, Woburn, MA 01801, USA
a.weiner@xxxxxxxxxx / Tel:+1-781-938-1221 x112, Fax +1-781-207-0550
http://www.VALID8.com
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Ravi
Rajaratnam
Sent: Tuesday, March 11, 2008 3:48 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] IUA decode
Thanks Anders.
Pls find attached a copy of file containing IUA messages. You will see
v5UA messages as well. v5UA decodes are fine.
regards
Ravi
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders
Broman
Sent: Tuesday, 11 March 2008 7:50 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] IUA decode
Hi,
The latest version is 0.99.8. If you can post the trace file instead we
could take a look at it to try to determine what's
wrong.
Regards
Anders
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Ravi
Rajaratnam
Sent: den 11 mars 2008 00:31
To: Community support list for Wireshark
Subject: [Wireshark-users] IUA decode
Sigtran experts!
I have captured IUA messages using wireshark and tried to extract Q931
messages and I see malformed packet.(pls refer to the attached screen
shot)
Can anyone pls help me to decode this message. Do I need to download the
latest version wireshark application to decode. If so pls let me know
the latest application.
regards
Ravi
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
