Wireshark-users: Re: [Wireshark-users] NR-RRC Dissector
From: Manoj Kumar <[email protected]>
Date: Wed, 30 Oct 2019 17:41:55 +0530
Dear Anders,

What did I try for this? 

1. I converted this in MIB.txt file in .pcapng using text2pcap.exe -l 252 MIB.txt" mib.pcapng"
2. Opening .pcapng file in Wireshark-3.1.0
It was showing the same packet as MIB.txt has.

I'm filling the same packet in a character buffer & sending using UDP in this case, also it is showing the same packet as MIB.txt have.

Could you please provide me some information like 
1. How to use exported PDU for MIBs?
2. How to send data from one PC to another using exported PDU?
3. If possible, please share an example for it

Thanks & Regards,

On Wed, Oct 30, 2019 at 5:12 PM Anders Broman <[email protected]> wrote:


If you followed the tread you could see that Pascal wrote(see below) an explanation why the solution I tried was wrong so I reverted that code and the sample does not work as you can see.


This might work:

text2pcap.exe -l 252 MIB.txt" mib.pcapng"


With the following content of the .txt file


0000   00 0c 00 18 6e 72 2d 72 72 63 2e 62 63 63 68 2e         nr-rrc.mib 6e 72 2d 72 72 63 2e 6d 69 62

0010   62 63 68 00 00 00 00 00 00 00 00 00 00 00 00 00        (nr-rrc.bcch.bch 6e 72 2d 72 72 63 2e 62 63 63 68 2e 62 63 68)

0020   06 f2 d4




Hi Keval,


based on your screenshot you seem to have a proprietary encapsulation in the UDP payload (we can see the string nr-rrc and a BCCH-BCH message - that contains a MIB - is 3 bytes long only). So presumably here the real data you want to decode is 0x06f2d4?

You should request to whoever defined this encapsulation the corresponding Wiresahrk dissector / plugin that calls the NR-RRC dissector. Or use another encapsulation method as the one described by Anders.


For the payload 06f2d4, the decoding is:

NR Radio Resource Control (RRC) protocol
        message: mib (0)
                systemFrameNumber: 0c [bit length 6, 2 LSB pad bits, 0000 11.. decimal value 3]
                subCarrierSpacingCommon: scs15or60 (0)
                ssb-SubcarrierOffset: 15
                dmrs-TypeA-Position: pos2 (0)
                    controlResourceSetZero: 5
                    searchSpaceZero: 10
                cellBarred: notBarred (1)
                intraFreqReselection: allowed (0)
                spare: 00 [bit length 1, 7 LSB pad bits, 0... .... decimal value 0]


Best regards,





From: Manoj Kumar <[email protected]>
Sent: den 30 oktober 2019 12:13
To: Anders Broman <[email protected]>
Cc: Community support list for Wireshark <[email protected]>
Subject: Re: [Wireshark-users] NR-RRC Dissector


Dear Anders Broman,


Thanks for your email.

Yes, I went through this, it's just showing EXPORTED_ PDU while I'm opening the .pcapng file, What should I do, so that I'll get MIB Info also?


Thanks & Regards,



On Wed, Oct 30, 2019 at 2:50 PM Anders Broman <[email protected]> wrote:


Did you check the replies to your previous mails?






From: Wireshark-users <[email protected]> On Behalf Of Manoj Kumar
Sent: den 29 oktober 2019 13:02
To: [email protected]
Subject: [Wireshark-users] NR-RRC Dissector


Dear all,


Here I'm mentioning some queries, which given below : 


1. I am trying to dissect NR-RRC message i.e. MIB packet, but it is not dissecting. 

Could you please help me, so that it would dissect MIB of NR-RRC?


2. Is there any NR-RRC over the UDP protocol being used?

please share the relevant information w.r.t. above questions.


I tried on Wireshark-3.0.1, Wireshark-3.0.5, & Wireshark-3.1.0.


Kindly, help me to get a solution for the above queries.


Thanks & Regards,

Manoj Kumar