Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: mux27010 capture

From: Bill Meier <wmeier () newsguy com>
Date: Fri, 02 Jan 2015 10:28:51 -0500
On 1/2/2015 5:42 AM, poeschel () lemonage de wrote:

Hello!

I have to debug a problem with the multiplex protocol of a gsm
modem. I came across wireshark being able to dissect mux27010
protocol which would be of big value to me.

I did manage to capture some mux data from the uart but that does
not seem to fit to that what wireshark expects. Here is my setup: I
have a gsm modem connected to the uart of an arm processor running
linux. In linux the n_gsm mux driver is attached to the uart and does
the muxing. I now modified the n_gsm driver to hand me out a copy the
 data it sends to the uart right before it leaves the mux driver.

Okay, I now have captured data and what I capture this way looks
valid to me according to the mux spec in 3GPP TS 07.10 V7.2.0. I
then convert this data to a hexdump with od -Ax -tx1 -v as stated in
wireshark documentation and this is what I import to wireshark using
the Import from hex dump... dialog. There I select my file and
MUX27010 as encapsulation type.

The dissection wireshark then does is garbage. In the MUX27010
Protocol wireshark expects an extended header which I do not have in
my capture and which I can not find in the specification. If I remove
this extended header part from the dissector and compile wireshark,
it correctly dissects the first (and only the first) mux packet to
me.

So my questions are: Where does this extended header come from and
what does it contain ? As it does not seem to be part of the mux
specification (and it is very unlikely to be seen on the uart line) I
suspect some capturing tool injecting this data. What is the
preferred way of capturing this mux data ?

Thanks in advance, Lars


I'm not familiar with the protocol but the following may help:

http://www.tcpdump.org/linktypes/LINKTYPE_MUX27010.html

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: