Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] TCAP/CAMEL protocols dissection problem

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Mon, 01 Sep 2014 23:09:41 -0400
On 09/01/2014 05:14 AM, mosbah abdelkader wrote:
Hello All,


I am sorry if my question is asked on the wrong place.


I have run the tshark command with the -V argument (to get protocol
details) on a capture file containing CAMEL protocol traces over M2PA
SIGTRAN (lower layers are TCAP/SCCP/MTP3/M2PA/SCTP). But the dissection
only detects the layers M2PA/MTP3/SCCP. Here is the output:

[Protocols in frame: eth:ip:sctp:m2ua:mtp3:sccp:data]


The dissector does not detect TCAP and CAMEL.


I have had the same problem with a file containing INAP and ISUP.


Here are the links of the pcap file and the tshark command output hosted
on google drive:

- pcap:
https://drive.google.com/file/d/0B-lcP-o4fZ9UMjlZeXJQNTVJeU0/edit?usp=sharing
- output:
https://drive.google.com/file/d/0B-lcP-o4fZ9UV2hNNG51emswSlE/edit?usp=sharing


Please help me upon this issue: is there any hint how to get these
protocols decoded correctly? Is this an issue with wireshark dissector?

What version are you using?

It decodes as Camel for me in the current development version.

First thing to check is that your Camel dissector is registered for SSN 146. Go to Edit->Preferences->Protocols->Camel and make sure the SSN (or SSN list) includes 146.