After a deeper analysis of some captures I have I've got to the conclusion that it is not a good idea. The GT is something different that what i believed it to be.
I was considering a way to group together TCAP transactions taking into account that for some of those I've seen responses coming from a different opc than the dpc of the begin, now after a detailed analysis of those traces I noticed that this was due to a (unavoidable) misbehavior of the "Flow Graph" where the same SCTP packet carried more M3UA packets destined to different PCs and being pinfo->src set to the opc of the second M3UA packet the flow graph have the arrow coming from the wrong OPC. (That's a problem caused by the 1:1 relation between frame and packet wireshark assumes) Other than that I found MAP requests with two GT (from mobile's IMSI to HLR's) whose response to has different GTs (HLR's to VLR's), thus invalidating any assumption I made about the GT being determinant in establishing to which TCAP transaction does the packet belong that was the issue that had me coming with the (demential) idea. Luis On 3/28/07, Abhik Sarkar <[EMAIL PROTECTED]> wrote: > Hmmm... OK, I have yet had to use the M3UA dissector, didn't know > that. Anyway, in SUA/SCCP too, it is possible for the CgPA and CdPA to > be only PC-SSN. So, if SCCP/SUA does set the transport address as GT, > it should also set it to point code if only point code is available. > Perhaps the others have something to say about this too. I am curious > though, how do you think it will help? > > On 3/28/07, Luis Ontanon <[EMAIL PROTECTED]> wrote: > > There still be the IP addresses in net_src/net_dst. It would be much > > like M3UA does that replaces ip src and ip dst by the opc and dpc > > (which I do not doubt it is ok). > > > > What I wonder about is whether the GT is an address or should it be > > just taken as a "port" on a certain address. > > > > On 3/28/07, Abhik Sarkar <[EMAIL PROTECTED]> wrote: > > > In case of SUA, wouldn't this mean pinfo->src and pinfo->dst would no > > > longer have the IP end-points of the SCTP association? Is yes, is that > > > desirable? > > > > > > On 3/28/07, Luis Ontanon <[EMAIL PROTECTED]> wrote: > > > > Would it be correct to add an AT_SS7_GT to the address types and have > > > > sccp/sua setting the GTs as pinfo->src & pinfo->dst ??? > > > > > > > > Isn't the global title an actual (transport) address? > > > > > > > > Luis > > > > > > > > -- > > > > This information is top security. When you have read it, destroy > > > > yourself. > > > > -- Marshall McLuhan > > > > _______________________________________________ > > > > Wireshark-dev mailing list > > > > Wireshark-dev@wireshark.org > > > > http://www.wireshark.org/mailman/listinfo/wireshark-dev > > > > > > > _______________________________________________ > > > Wireshark-dev mailing list > > > Wireshark-dev@wireshark.org > > > http://www.wireshark.org/mailman/listinfo/wireshark-dev > > > > > > > > > -- > > This information is top security. When you have read it, destroy yourself. > > -- Marshall McLuhan > > _______________________________________________ > > Wireshark-dev mailing list > > Wireshark-dev@wireshark.org > > http://www.wireshark.org/mailman/listinfo/wireshark-dev > > > _______________________________________________ > Wireshark-dev mailing list > Wireshark-dev@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-dev > -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
