Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: nas_eps value type change request

From: Anders Broman via Wireshark-dev <wireshark-dev () wireshark org>
Date: Mon, 5 Oct 2020 06:51:06 +0000
Hi,

The proper way to request features or report bugs is through https://bugs.wireshark.org/bugzilla/ or start a discussion 
on the mailing lists. If I look in the 3GPP specifications

TS 23.003 Chapter 2.4

…”The TMSI consists of 4 octets. It can be coded using a full hexadecimal representation.”… so displaying it as decimal 
may be misleading?

In packet-s1ap.c we have 

M-TMSI TYPE = FT_UINT32 DISPLAY = BASE_DEC_HEX

Which will change the representation to be both decimal AND hexadecimal we could do that for NAS-EPS too I suppose.

 

“I’m trying to create a MATE file that will add IMSI to all packets in all common 3gpp core protocols.

My goal is to filter all messages related to a specific IMSI from a multi-subscriber and multi-protocol cap file.”

 

This would be a valuable feature I think and perhaps should be done by code rather than mate, perhaps you can share 
your mate files?

Regards

Anders

 

From: Dudi D <dudi.davidesko () gmail com> 
Sent: den 5 oktober 2020 08:10
To: Anders Broman <anders.broman () ericsson com>
Subject: nas_eps value type change request

 

Hi Andres,

 

Sorry for this direct request, My name is Dudi and I’m a Packet Core Engineer.

I’m using WS a lot, i’m trying to create a MATE file that will add IMSI to all packets in all common 3gpp core 
protocols.

My goal is to filter all messages related to a specific IMSI from a multi-subscriber and multi-protocol cap file.

 

M-TMSI (under GUTI) value is in hex on nas_eps and dec in s1ap dissector.

nas_eps.emm.m_tmsi

s1ap.m_TMSI

 

So, because of this type difference, when using MATE, I cannot correlate between Attach/TAU to Service requests and 
Paging.

Is it possible to change  in packet-nas_epc also to decimal like MME group ID and MMe Code ?

Do you think it's correct to use decimal here ?

https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-nas_eps.c#L6949 
<https://protect2.fireeye.com/v1/url?k=99410b7f-c7e1ebe1-99414be4-86ee86bd5107-f4db730c5d1ad937&q=1&e=3082eef2-751c-4d1f-8929-c0d6b4c3bf59&u=https%3A%2F%2Fgithub.com%2Fwireshark%2Fwireshark%2Fblob%2Fmaster%2Fepan%2Fdissectors%2Fpacket-nas_eps.c%23L6949>
 

 

 

BR,

Dudi Davidesko

Attachment: smime.p7s
Description: 

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: