Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] How to decode an encoded NAS message?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Satish Chandra <satishchandracms@xxxxxxxxx>
Date: Fri, 17 Jul 2009 12:35:06 +0530
Hi,

You can add the following header before your NAS message:

0000  02 02 02 02 02 02 01 01  01 01 01 01 08 00 45 00
0010  00 74 12 34 00 00  ff  84  a2 cc 01 01 01 01 02 02  
0020  02 02 0b 58 0b 58 00 00  00 00 db 8b bf 26 00 03  
0030  00 54 00 00 00 00 00 00  00 00 00 00 00 02 01 00  
0040  06 01 00 00 00 44 03 00  00 3b 83 09 88 04 04 09  
0050  00 03 07 0b 04 43 09 08  8e 04 43 12 10 8e 22 00  
0060  14 40 1e 00 00 01 00 10  40

just after it...put (lenght of NAS + 1) as hex byte, then (lenght of NAS) as hex byte and then copy your nas message.

Then you can use text2pcap command to convert it pcap format and can open that pcap with wireshark.

eg:

0000   01 00 06 01 00 00 00 40 03 00 00 35 83 09 88 04 
0010   04 09 00 03 07 0b 04 43 09 08 8e 04 43 12 10 8e 
0020   1c 00 13 00 4a 00 00 01 00 10 40 11 10 05 08 00 
0030   00 f0 00 00 00 00 01 00 33 03 00 00 00 00 00 00

The two bytes which you need to insert are shown in the above message.

I tried decoding the nas message you sent but it says unknown message type...there no message with message type 07 (refer 3GPP 24.008 section 10.4)

BTW....the tool mentioned below is really cool. < THANKS >

-satish                                                 


On Fri, Jul 17, 2009 at 11:33 AM, Vincent Helfre <vincent.helfre@xxxxxxx> wrote:
Hi Jiji,
you can try this small program that is using Wireshark to decode GSM, WCDMA or LTE messages: http://www.protocolanalyze.com/
Regards
Vincent

-------- Original-Nachricht --------
> Datum: Fri, 17 Jul 2009 12:19:34 +0800
> Von: Junjie Jiang <junjie.jiang@xxxxxxxxx>
> An: wireshark-users@xxxxxxxxxxxxx
> Betreff: [Wireshark-users] How to decode an encoded NAS message?

> Hi all,
>
> I wanna decode an encoded NAS message but I have no such a capatured file.
> I have only the encoded NAS pdu:
> 07417108390110020000011202e0e000050201d031d1
>
> Then how could I decode this NAS pdu by Wireshark?
> Is there an input box for any a protocol pdu to decode directly?
>
> Thanks a lot in advance.
>
> Best regards,
> JiJi

--
Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3 -
sicherer, schneller und einfacher! http://portal.gmx.net/de/go/atbrowser
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



--
Satish Chandra
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube