Wireshark mailing list archives

Re: Help decoding GSM SMS (no crypt)


From: reginaldo salles <reginaldosalles1972 () gmail com>
Date: Sat, 7 May 2016 18:56:32 -0300

Will apply the patch and try to do the capture again.
Thank you.

On Sat, May 7, 2016 at 2:56 PM, Pascal Quantin <pascal.quantin () gmail com>
wrote:



2016-05-07 15:44 GMT+02:00 Pascal Quantin <pascal.quantin () gmail com>:

Hi Reginaldo,

2016-05-07 1:19 GMT+02:00 reginaldo salles <reginaldosalles1972 () gmail com>:

I cannot see the contents of the SMS capture in plaintext.
The traffic does not have encryption and I still cannot see the content of
the SMS. Wireshark bug? Does anybody know how to figure out this problem?

wireshark .cap file: https://www.cloudshark.org/captures/504bc91928e3
tcpdump .cap file: https://www.cloudshark.org/captures/9ec3f39d2c03


The LAPDm reassembly code gets confused by your capture:
- the ICMP error packets are included in the reassembly table while they should not be
- the LAPDm retransmissions (with the polling bit set) are also wrongly included in the reassembly table

I'm gonna fix those bugs but in the meantime you can manually exclude
those packets to get a proper dissection.
In the SMS_TCPDUMP.cap file, keep packets 1, 5, 6, 8, 9, 11, 15, 16, 18
and 19.


The patch is available here: https://code.wireshark.org/review/#/c/15281
But I'm a bit surprised with the way the N(S) counter gets incremented.
Did you filter some LAPDm packets (like SABM frames)? Typically frames 15
and 19 have the same uplink direction and the same N(S) value while the
content is different.

Regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
