Hi List, Good Evening. I have a problem with GSM MAP Decoding.So according to the implimentaion map rel version should be determined dynamically based on application context. I undesrstand it this way.Application conext is used if its recieved by traffic. if its recived and the call alreday exist than we may fall back with mismatch. My question is How do i know which version of GSM map wireshark uses internally for a specific message.(Well need to debug is there any other way). There seem to be no version checking except some checking with application context value 1,2 and 3.Wireshark checks only application_context_version ==3 nd in some cases <3 .I m intrested to know is it only handled this way or some other way out.. I Know that the following version release are possible in case of GSM MAP. GSM 09.02 Ph 1 :v3.11.0 GSM 09.02 Ph 2 :v4.19.1 3GPP TS 29.002 :v3.12.0 3GPP TS 29.002 :v4.13.0 3GPP TS 29.002 :v5.7.0 3GPP TS 29.002 :v5.10.0 3GPP TS 29.002 :v6.8.0 3GPP TS 29.002 :v6.14.0 3GPP TS 29.002 :v7.8.0 Which version wireshark currently supports. I see only the following from sources: ETSI TS 129 002 ETSI TS 129 002 V7.5.0 (3GPP TS 29.002 V7.5.0 (2006-09) Release 7) ETSI TS 129 002 V8.4.0 (3GPP TS 29.002 V8.1.0 (2007-06) Release 8) 3GPP TS 24.080 secondly i saw from sources that it is using MTP3 PC to match a call.I understand it this way when we have a message,we check for OID(Source/destnination).continue can have both while begin has source and abort/end have destination.so comparing previously recived message with recently recived message we can find the matching call but i m wondering why MTP3 PC is used. I have attached a smaple trace where frame 1 and 3 belong to same transaction. frame 1 is begin and frame 3 is end.begin message at frame 1 source transaction id C746F173 is same as end messae at frame 3(dest trans id C746F173).both have application-context-name: 0.4.0.0.1.0.24.2 (mwdMngtContext-v2). so in this case v2 is used.if with end message there would not have been any application-context-name than it would have used begin's Application context name. on the other hand in frame 2 it gives some decoding error.is it the case that wireshark has a bug or some thing else. Any help/pointer on this would help me really to understand the transaction management in TCAP. Br tulip
Check out the all-new Messenger 9.0! Go to http://in.messenger.yahoo.com/
sample.pcap
Description: Binary data
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
