Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] Mutliple m3ua messages in one frame

From: Milan STANCIC <milan@xxxxxxxxxxxxxxxx>
Date: Thu, 21 Oct 2010 10:01:39 +0200
Hello

Can somebody to help me ?

I got some simple problem maybe you can help me...

Exactly, I should extract m3ua/sccp/tcap/gsm_map/gsm_sms payloads from
frame for purpose of collection of CDR's.. Problem is in case when you
got in one frame more than one m3ua message, Tshark give us just one
line, last one. please symptoms.

---------------------
root@milan-PC:/home/milan/Downloads# tshark -R 'frame.number == 1010' -e
frame.number -e m3ua.protocol_data_opc -e m3ua.protocol_data_dpc -r
malta.pcap  -Tfields
Running as user "root" and group "root". This could be dangerous.
1010    6137    8455 ----//// it is just last m3ua message
-----------------------------------------

So, I have tried next:
to use MATE: please see config file...

wireshark -o "mate.config: m3ua_v04.mate" -r malta.pcap

There is two MATE section but not each of wanted attributes.. please see
mate_example.png and m3ua_v04.mate

PLEASE HELP, HOW CAN I PROCESS IT.


--
Milan STANCIC

System Administrator

RoutoMessaging
http://www.routomessaging.com
GSMA Associate Member
Tel +44 (0) 870 231 7777
Fax + 44 (0) 870 231 7771



This email contains Routo Telecommunications information, which may be privileged or confidential. It's meant only for the individual(s) or entity named above. If you're not the intended recipient, note that disclosing, copying, distributing or using this information is prohibited. If you've received this email in error, please let me know immediately on the email address above. Thank you.



Routo Telecommunications Limited Registration Number 04546322 having its principal place of business at 48 Charlotte Street, London, W1T 2NS, United Kingdom



Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.



We monitor our email system, and may record your emails.





Pdu m3ua_pdu Proto m3ua Transport ip/m3ua/sccp/tcap/gsm_map/gsm_sms {
        Extract ip.src From ip.src;
        Extract ip.dst From ip.dst;
        Extract ip.dst From ip.dst;
        Extract m3ua.protocol_data_opc From m3ua.protocol_data_opc;
        Extract sccp.calling.digits From sccp.calling.digits;
        Extract tcap.tid From tcap.tid;
        Extract  gsm_map.sm.msisdn  From  gsm_map.sm.msisdn ;
        Extract  gsm_sms.tp-oa  From  gsm_sms.tp-oa ;
        Extract  gsm_map.old.Component  From  gsm_map.old.Component ;
};

Done;



Attachment: mate_example.png
Description: PNG image

Attachment: Screenshot.png
Description: PNG image

Attachment: malta.pcap
Description: application/cap