Abhik Sarkar wrote:
[...]
> First an introduction in the form of a quote from the Cisco ITP manual...
>
> <quote>
> The ITP Packet Logging facility uses the BSD syslog protocol (RFC
> 3164) to send selected (SS7) MSUs to a user-selected monitoring tool
> via the UDP connectionless protocol (RFC 768). Cisco Systems, Inc.
> does not provide monitoring tools specifically for receiving and
> decoding messages sent by the facility. The user must obtain a
> suitable tool for receiving syslog messages.
> </quote>
>
> I have seen a proprietary tool to receive and decode these messages;
> however, that runs on only one platform (as far as I know) and I don't
> always have access to that platform.
>
> Now, since wireshark can already dissect syslog packets and mtp
> packets, I thought of combining the two.

Cool, I think that would be a useful addition to Wireshark. However I suspect that a separate dissector is not a good idea but your changes would have to be merged into the existing syslog dissector (which appears easy since that's where you started).

Could you provide a (small) sample capture file to test with (you could send it to the list or to me privately if you prefer)?

_______________________________________________
Wireshark-dev mailing list
http://www.wireshark.org/mailman/listinfo/wireshark-dev
