Wireshark-users: Re: [Wireshark-users] mux27010 capture
From: Lars Poeschel <poeschel@xxxxxxxxxxx>
Date: Wed, 14 Jan 2015 11:26:48 +0100
I am sorry for messing up the mail's thread id, but it is very hard to answer to a mail where one itself is not the recipient. I am not subscribed to the mailing list.

> On 1/2/2015 5:42 AM, poeschel@xxxxxxxxxxx wrote:
> > Hello!
> >
> > I have to debug a problem with the multiplex protocol of a gsm
> > modem. I came across wireshark being able to dissect mux27010
> > protocol which would be of big value to me.
> >
> > I did manage to capture some mux data from the uart but that does
> > not seem to fit to that what wireshark expects. Here is my setup: I
> > have a gsm modem connected to the uart of an arm processor running
> > linux. In linux the n_gsm mux driver is attached to the uart and does
> > the muxing. I now modified the n_gsm driver to hand me out a copy of the
> > data it sends to the uart right before it leaves the mux driver.
> >
> > Okay, I now have captured data and what I capture this way looks
> > valid to me according to the mux spec in 3GPP TS 07.10 V7.2.0. I
> > then convert this data to a hexdump with od -Ax -tx1 -v as stated in
> > wireshark documentation and this is what I import to wireshark using
> > the Import from hex dump... dialog. There I select my file and
> > MUX27010 as encapsulation type.
> >
> > The dissection wireshark then does is garbage. In the MUX27010
> > Protocol wireshark expects an extended header which I do not have in
> > my capture and which I can not find in the specification. If I remove
> > this extended header part from the dissector and compile wireshark,
> > it correctly dissects the first (and only the first) mux packet to
> > me.
> >
> > So my questions are: Where does this extended header come from and
> > what does it contain ? As it does not seem to be part of the mux
> > specification (and it is very unlikely to be seen on the uart line) I
> > suspect some capturing tool injecting this data. What is the
> > preferred way of capturing this mux data ?
> >
> > Thanks in advance, Lars
>
> I'm not familiar with the protocol but the following may help:
>
> http://www.tcpdump.org/linktypes/LINKTYPE_MUX27010.html

Thanks for that. I did not know this. If I understand this right, this does not comply with the 3gpp specification, but instead a special siemens/cinterion variant of the protocol that is not compatible with the original 3gpp protocol. It would be great to note that fact somewhere in the wireshark code and/or in the wireshark doc.

Bill, thanks again for your reply. That helped me a lot.

Lars
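
An added example, not part of the original mail and not Wireshark or n_gsm code: one way to check independently that a raw UART capture is plain 3GPP TS 07.10 framing is to split it into frames and verify each FCS. It assumes the basic option (0xF9 flags, no byte stuffing); the function names and the sample bytes are constructed for illustration.

```python
FLAG, PF = 0xF9, 0x10
# Frame types keyed by control octet with the P/F bit cleared
TYPES = {0x2F: "SABM", 0x63: "UA", 0x0F: "DM", 0x43: "DISC", 0x03: "UI", 0xEF: "UIH"}

def fcs(data: bytes) -> int:
    """FCS octet: reflected CRC-8 (x^8+x^2+x+1), init 0xFF, ones' complement."""
    crc = 0xFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xE0 if crc & 1 else crc >> 1
    return 0xFF - crc

def build(addr: int, ctrl: int, info: bytes = b"") -> bytes:
    """Build one frame (info shorter than 128 octets); used for the sample."""
    hdr = bytes([addr, ctrl, (len(info) << 1) | 1])
    covered = hdr + info if TYPES.get(ctrl & ~PF) == "UI" else hdr
    return bytes([FLAG]) + hdr + info + bytes([fcs(covered), FLAG])

def parse_frames(stream: bytes) -> list:
    """Split a raw capture into frames; a bad FCS is reported, then resynced."""
    frames, i, n = [], 0, len(stream)
    while i < n:
        if stream[i] != FLAG:               # hunt for an opening flag
            i += 1
            continue
        while i < n and stream[i] == FLAG:  # closing flag may double as opener
            i += 1
        if n - i < 4:
            break
        addr, ctrl, hdr = stream[i], stream[i + 1], 3
        length = stream[i + 2] >> 1
        if not stream[i + 2] & 1:           # EA=0: second length octet follows
            length, hdr = length | stream[i + 3] << 7, 4
        end = i + hdr + length              # index of the FCS octet
        if end + 1 >= n:                    # truncated capture
            break
        info = stream[i + hdr:end]
        kind = TYPES.get(ctrl & ~PF, hex(ctrl))
        # UIH: FCS covers address, control, length only; UI also covers info
        covered = stream[i:end] if kind == "UI" else stream[i:i + hdr]
        ok = fcs(covered) == stream[end] and stream[end + 1] == FLAG
        frames.append({"dlci": addr >> 2, "cr": (addr >> 1) & 1, "type": kind,
                       "pf": bool(ctrl & PF), "info": info, "fcs_ok": ok})
        if ok:
            i = end + 1                     # continue at the closing flag
    return frames

# Constructed sample: SABM on DLCI 0, then UIH on DLCI 1 carrying "AT\r"
SAMPLE = bytes.fromhex("f9033f011cf9") + build(0x07, 0xEF, b"AT\r")
```

Frames that parse cleanly here carry no per-frame capture header, which is the difference from the variant described on the LINKTYPE_MUX27010 page.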