Re: NR-RRC Dissector

[Manoj Kumar <manoj () wisig com>]

Dear Anders,

What did I try for this?

Try-1.
1. I converted this in MIB.txt file in .pcapng using text2pcap.exe -l 252
MIB.txt" mib.pcapng"
2. Opening .pcapng file in Wireshark-3.1.0
It was showing the same packet as MIB.txt has.

Try-2.
I'm filling the same packet in a character buffer & sending using UDP in
this case, also it is showing the same packet as MIB.txt have.

Could you please provide me some information like
1. How to use exported PDU for MIBs?
2. How to send data from one PC to another using exported PDU?
3. If possible, please share an example for it

Thanks & Regards,
Manoj





On Wed, Oct 30, 2019 at 5:12 PM Anders Broman <anders.broman () ericsson com>
wrote:

> Hi,
>
> If you followed the tread you could see that Pascal wrote(see below) an
> explanation why the solution I tried was wrong so I reverted that code and
> the sample does not work as you can see.
>
>
>
> This might work:
>
> text2pcap.exe -l 252 MIB.txt" mib.pcapng"
>
>
>
> With the following content of the .txt file
>
>
>
> 0000   00 0c 00 18 6e 72 2d 72 72 63 2e 62 63 63 68 2e         nr-rrc.mib
> 6e 72 2d 72 72 63 2e 6d 69 62
>
> 0010   62 63 68 00 00 00 00 00 00 00 00 00 00 00 00 00
> (nr-rrc.bcch.bch 6e 72 2d 72 72 63 2e 62 63 63 68 2e 62 63 68)
>
> 0020   06 f2 d4
>
>
>
> Regards
>
> Anders
>
> Hi Keval,
>
>
>
> based on your screenshot you seem to have a proprietary encapsulation in
> the UDP payload (we can see the string nr-rrc and a BCCH-BCH message - that
> contains a MIB - is 3 bytes long only). So presumably here the real data
> you want to decode is 0x06f2d4?
>
> You should request to whoever defined this encapsulation the corresponding
> Wiresahrk dissector / plugin that calls the NR-RRC dissector. Or use
> another encapsulation method as the one described by Anders.
>
>
>
> For the payload 06f2d4, the decoding is:
>
> NR Radio Resource Control (RRC) protocol
>     BCCH-BCH-Message
>         message: mib (0)
>             mib
>                 systemFrameNumber: 0c [bit length 6, 2 LSB pad bits, 0000
> 11.. decimal value 3]
>                 subCarrierSpacingCommon: scs15or60 (0)
>                 ssb-SubcarrierOffset: 15
>                 dmrs-TypeA-Position: pos2 (0)
>                 pdcch-ConfigSIB1
>                     controlResourceSetZero: 5
>                     searchSpaceZero: 10
>                 cellBarred: notBarred (1)
>                 intraFreqReselection: allowed (0)
>                 spare: 00 [bit length 1, 7 LSB pad bits, 0... .... decimal
> value 0]
>
>
>
> Best regards,
>
> Pascal.
>
>
>
>
>
>
>
> *From:* Manoj Kumar <manoj () wisig com>
> *Sent:* den 30 oktober 2019 12:13
> *To:* Anders Broman <anders.broman () ericsson com>
> *Cc:* Community support list for Wireshark <wireshark-users () wireshark org>
> *Subject:* Re: [Wireshark-users] NR-RRC Dissector
>
>
>
> Dear Anders Broman,
>
>
>
> Thanks for your email.
>
> Yes, I went through this, it's just showing EXPORTED_ PDU while I'm
> opening the .pcapng file, What should I do, so that I'll get MIB Info also?
>
>
>
> Thanks & Regards,
>
> Manoj
>
>
>
> On Wed, Oct 30, 2019 at 2:50 PM Anders Broman <anders.broman () ericsson com>
> wrote:
>
> Hi,
>
> Did you check the replies to your previous mails?
>
> https://www.wireshark.org/lists/wireshark-users/201910/msg00019.html
>
> Regards
>
> Anders
>
>
>
>
>
> *From:* Wireshark-users <wireshark-users-bounces () wireshark org> *On
> Behalf Of *Manoj Kumar
> *Sent:* den 29 oktober 2019 13:02
> *To:* wireshark-users () wireshark org
> *Subject:* [Wireshark-users] NR-RRC Dissector
>
>
>
> Dear all,
>
>
>
> Here I'm mentioning some queries, which given below :
>
>
>
> *1.* I am trying to dissect NR-RRC message i.e. MIB packet, but it is not
> dissecting.
>
> Could you please help me, so that it would dissect MIB of NR-RRC?
>
>
>
> *2. *Is there any NR-RRC over the UDP protocol being used?
>
> please share the relevant information w.r.t. above questions.
>
>
>
> I tried on Wireshark-3.0.1, Wireshark-3.0.5, & Wireshark-3.1.0.
>
>
>
> Kindly, help me to get a solution for the above queries.
>
>
>
> Thanks & Regards,
>
> Manoj Kumar
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe