Wireshark mailing list archives
Re: ISDN Layer 3 decode
From: "Keith French" <keithfrench () btconnect com>
Date: Sun, 23 Oct 2011 22:13:42 +0100
OK I can do that, I have a trace of a very simple Q.Sig call, however the text or CSV options do not show the detailed decode at layer 3 that is contained within the .aps files, they only show the summary view (very like the appearance of a normal Wireshark trace. How do you want me to send them to you?
-----Original Message----- From: Guy Harris
Sent: Saturday, October 22, 2011 8:24 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] ISDN Layer 3 decode On Oct 22, 2011, at 11:13 AM, Keith French wrote:
The software that I would really like to load into Wireshark is Aethra's PC_108XP. This software serves as the expert software for many of their analysers and I think now that the "Export to Ethereal" option (I take your point about the possible age of formats here), is only for their ADSL & Ethernet analysers, not my ISDN, & Q.Sig analyser. Capinfos cannot open its native .aps format,
Well, if you have some .aps files and the corresponding "export as text" dumps, we might e able to reverse-engineer the format.
using the Export to Ethereal to a .cap shows up in capinfos as:-File name: C:\Users\Keith\Desktop\Environment Agency\QSig Traces\test.capFile type: Wireshark/tcpdump/... - libpcap File encapsulation: OpenBSD PF Firewall logs, pre-3.4
Well, somebody at Aethra screwed up big-time there. They chose 17 as the link-layer type value; I doubt they were *so* crazy as to think that a PF log would be the right format, so they were probably looking at some non-OpenBSD system that didn't use 17 for some other purpose and decided "hey, this is available" without bothering to tell the Ethereal/Wireshark developers. Maybe they wrote their own plugin for Ethereal/Wireshark or built their own modified version.
Hence why I think my best bet (if it is even possible) is to take the Layer 3 hex (and L2 if needed) & some how use text2pcap to try & load it into Wireshark.
If the frame begins with a LAPD header, try using 203 as the DLT_ value in text2pcap (after tweaking the hex dump if necessary to make text2pcap handle it).
The other analyser that I have borrowed that can output its D channel decode to Wireshark is called a "Mty Eye"
As soon as I saw "Eye" I wondered whether this was at all related to Innoventif's EyeSDN capture devices:
http://www.innoventif.com/
from MOESARC TECHNOLOGY UK LTD. As I mentioned before it uses a .TRC file, which Wireshark can read and running capinfos on it shows:-File name: C:\Users\Keith\Documents\Mty Eye Analyser\Lab Traces\Mty Eye QSig Trace.trcFile type: EyeSDN USB S0/E1 ISDN trace format
...and, sure enough, I was right. They might be reselling the EyeSDN boxes under their own name - they're listed as a distributor:
http://www.innoventif.com/4_1_0.htmlInnoventif contributed support to Ethereal/Wireshark to read their file format.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- ISDN Layer 3 decode Keith French (Oct 21)
- Re: ISDN Layer 3 decode Stephen Fisher (Oct 21)
- Re: ISDN Layer 3 decode Keith French (Oct 21)
- Re: ISDN Layer 3 decode Stephen Fisher (Oct 21)
- Re: ISDN Layer 3 decode Guy Harris (Oct 21)
- Re: ISDN Layer 3 decode Keith French (Oct 22)
- Re: ISDN Layer 3 decode Guy Harris (Oct 22)
- Re: ISDN Layer 3 decode Keith French (Oct 23)
- Re: ISDN Layer 3 decode Guy Harris (Oct 23)
- Re: ISDN Layer 3 decode Guy Harris (Oct 23)
- Re: ISDN Layer 3 decode Keith French (Oct 24)
- Re: ISDN Layer 3 decode Guy Harris (Oct 24)
- Re: ISDN Layer 3 decode Keith French (Oct 25)
- Re: ISDN Layer 3 decode Guy Harris (Oct 26)
- Re: ISDN Layer 3 decode Keith French (Oct 26)
- Re: ISDN Layer 3 decode Keith French (Oct 26)
- Re: ISDN Layer 3 decode Anders Broman (Oct 26)
- Re: ISDN Layer 3 decode Keith French (Oct 26)
- Re: ISDN Layer 3 decode Keith French (Oct 21)
- Re: ISDN Layer 3 decode Stephen Fisher (Oct 21)