Hi Anders, Thanks for your reply. Attached are sample captures. The MSUs are syslog encapsulated, so you need to be running SVN rev 21109 or higher. Decode UDP destination port 7890 as syslog and you will see the MTP3 and higher layers.
example1.cap : A simple MAPv2 mt-fsm showing up as mo-fsm. example2.cap : The gsm_map dissector throwing up a BER decode error because it thinks there are some extra invalid field beyond the sm-RP-UI of the mo-fsm, but the extra field is actually the more-messages-to-send flag in a MAPv2 mt-fsm. I had one more example, but I can't find it anymore. I will send it on if I do find it. Best regards, Abhik. On 3/26/07, Anders Broman (AL/EAB) <[EMAIL PROTECTED]> wrote:
Hi, If you could supply a sample trace we could see what can be done. Best regards Anders ________________________________ From: [EMAIL PROTECTED] on behalf of Abhik Sarkar Sent: Mon 3/26/2007 9:49 AM To: wireshark-dev@wireshark.org Subject: [Wireshark-dev] gsm_map dissector question Hi List, I have been capturing and decoding some live traffic on a GSM network, and find a problem in decoding of GSM MAP operations. The GSM MAP dissector is currently based on 3GPP TS 29.002 v7.5.0. This leads to incorrect decoding of packets which are working on lower MAP versions. For example, a MAP v2 ShortMsgMT-Relay gets decoded as MAP v3 ShortMsgMO-Relay (because the opcodes are same). This leads to all kinds of warnings, and sometimes incorrect decoding. I don't suppose there is a (simple) way around this, is there? I guess a complex (and resource hungry) method would be for the TCAP dissector to follow dialogs and then pass the application context information to the MAP dissector for MAP to interpret the operation based on the application context in addition to the op-code. I am sorry if this has already been discussed, I searched the archives, but could not find anything relevant... perhaps I didn't use the correct search string. Thanks, Abhik. _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
example1.cap
Description: Binary data
example2.cap
Description: Binary data
_______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev