Wireshark mailing list archives

Wireshark bug when dissect the MC interface trace


From: Hui Wei <hui.wei () ericsson com>
Date: Wed, 21 Jul 2010 16:06:19 +0800

Hi,

When I use Wireshark to dissect the MC interface trace, it regards each IP packet as one message. However, there are several upper-layer messages embedded in the same IP packet.

Therefore, when I use the following Tshark command to dissect that, it can only generate 1 gsm message:
tshark -r MC_SAMPLE_LOGS -R "gsm_a.dtap_msg_mm_type > 0 or gsm_a.dtap_msg_cc_type > 0 or gsm_a.bssmap_msgtype > 0 or sccp.message_type > 0" -T fields -E header=y -e frame -e frame.time_epoch -e ip.src -e ip.dst -e sccp.slr -e sccp.dlr -e sccp.message_type -e gsm_a.dtap_msg_mm_type -e gsm_a.dtap_msg_cc_type -e gsm_a.bssmap_msgtype -e gsm_a.imsi > result_MO.txt

As below:
frame   frame.time_epoch        ip.src  ip.dst  sccp.slr        sccp.dlr        sccp.message_type       gsm_a.dtap_msg_mm_type  gsm_a.dtap_msg_cc_type  gsm_a.bssmap_msgtype    gsm_a.imsi
Frame 1: 1170 bytes on wire (9360 bits), 1170 bytes captured (9360 bits)        1271940351      10.37.11.26     10.37.19.18     0xa80003        0x0a16ec        0x05    0x08            0x55    4.60002E+14

The protocol hierarchy is shown below:



The original dump packet is attached as below:

Could anybody help me to repair that?

Thanks!


Best Regards!

Wei Hui

Ericsson (China) Communications Company Ltd. Nanjing Branch
6F No.2 Building Nanjing IC Design Park,
No.89 Shengli Road. Jiangning Economic & Technology Development Zone
Nanjing, P.R.China
Post Code:       211100

Tel:                 +86 25 87128000
Fax:                +86 25 87128001
Mobile:             +86 13951612835
E-mail:             hui.wei () ericsson com


Attachment: packet_MC.dump
Description: packet_MC.dump

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
