On Fri, Apr 24, 2009 at 8:33 AM, SOLTANI FATEN < [email protected]> wrote:
>
>
> Thanks for everyone who's trying to help me
> Martin, here is an example of frames which I want to decode, the first
> is a isup/mtp3 frame and the second is a sip/ip frame, both of them are
> in the same file
> First frame: 85 16 DC 09 13 01 00 01 00 00 01 0A 00 02 09 07 83 90 56
> 39 56 09 00 0A 07 83 13 78 56 04 00 01 00
>
> Second frame: 43 61 6C 6C 2D 49 44 3A 20 30 30 30 30 30 30 30 30 31 32
> 33 34 35 36 37 38 0D 0A 43 53 65 71 3A 20 31 20 49 4E 56 49 54 45 0D 0A
> 43 6F 6E 74 61 63 74 3A 20 73 69 70 3A 73 69 70 40 31 33 32 2E 31 33 32
> 2E 31 33 32 2E 31 3A 35 30 36 30 0D 0A 4D 61 78 2D 46 6F 72 77 61 72 64
> 73 3A 20 37 30 0D 0A 53 75 62 6A 65 63 74 3A 20 50 65 72 66 6F 72 6D 61
> 6E 63 65 20 54 65 73 74 0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20
> 61 70 70 6C 69 63 61 74 69 6F 6E 2F 73 64 70 0D 0A 43 6F 6E 74 65 6E 74
> 2D 4C 65 6E 67 74 68 3A 20 31 33 39 0D 0A 76 3D 30 0D 0A 6F 3D 75 73 65
> 72 31 20 35 33 36 35 35 37 36 35 20 32 33 35 33 36 38 37 36 33 37 20 49
> 4E 20 49 50 34 20 31 33 32 2E 31 33 32 2E 31 33 32 2E 31 0D 0A 73 3D 2D
> 0D 0A 74 3D 30 20 30 0D 0A 63 3D 49 4E 20 49 50 34 20 31 34 30 2E 31 34
> 30 2E 31 34 30 2E 31 34 30 0D 0A 6D 3D 61 75 64 69 6F 20 31 30 32 34 20
> 52 54 50 2F 41 56 50 20 30 0D 0A 61 3D 72 74 70 6D 61 70 3A 30 20 50 43
> 4D 55 2F 38 30 30 30 0D 0A
>
>

The second frame doesn't have an IP header/UDP header. The dct2000 format
doesn't support frames of type sip with no header. There are frames with
protocol "sip" in them, but they have a proprietary udp or tcp or sctpprim
header first.

As a quick test, I changed packet-catapult-dct2000.c to allow pure SIP
frames to be sent to the SIP dissector, but what you sent wasn't a SIP frame
(no request or response line, several mandatory headers missing), so the SIP
dissector didn't recognise it as SIP.

If your file format doesn't support the raw data of the frame, Wireshark
won't be able to make any sense out of it!

Martin

> Regards
>
> ------------------------------
>
> Message: 3
> Date: Thu, 23 Apr 2009 18:00:25 +0200
> From: "SOLTANI FATEN" <[email protected]>
> Subject: [Wireshark-dev] text2catapult
> To: <[email protected]>
> Message-ID:
> <e68185550026e440866d118afc41ef6701971...@frvelsmbs13.ad2.ad.alcatel.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi everyone
> I have a text file which includes an arbitrary mixture of protocols,
> which I want to convert it into a format readable by Wireshark. But I do
> not know which one? I know that catapult can include an arbitrary
> mixture of protocols, but the problem, that I do not know the structure
> of this file, nor how to convert from text format to catapult format?!
> Someone can help me please?!
> Regards
>
> ------------------------------
>
> Message: 4
> Date: Thu, 23 Apr 2009 18:04:47 +0100
> From: Martin Mathieson <[email protected]>
> Subject: Re: [Wireshark-dev] text2catapult
> To: Developer support list for Wireshark <[email protected]>
> Message-ID:
> <[email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> If you send a short file with an example of each protocol you want to
> support, I can try to convert it (by hand) to show you how it might be
> done.
> Martin
>
> ------------------------------
>
> Message: 6
> Date: Thu, 23 Apr 2009 18:36:21 +0100
> From: Martin Mathieson <[email protected]>
> Subject: Re: [Wireshark-dev] text2catapult
> To: Developer support list for Wireshark <[email protected]>
> Message-ID:
> <[email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Vincent Helfre also created a similar log file format (see bug 3114) that
> could maybe be extended to handle your protocols - it might be cleaner to
> use that.
> I believe he's converted it into a wiretap plugin, so those sources may no
> longer be up-to-date.
>
> Just a thought,
> Martin

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
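
Added example, not part of the thread and not Wireshark's dissector code: a Python check that decodes the start of the second frame quoted above and reports what the reply describes, namely no request or response line and missing mandatory headers. The mandatory header list follows RFC 3261 section 8.1.1; the function names and the comparison request are assumptions made for this illustration.

```python
import re

# Mandatory request headers (RFC 3261, 8.1.1) mapped to their compact forms.
MANDATORY = {"via": "v", "from": "f", "to": "t",
             "call-id": "i", "cseq": None, "max-forwards": None}

REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ SIP/2\.0$")
STATUS_LINE = re.compile(rb"^SIP/2\.0 \d{3} .*$")

# First four header lines of the second frame posted in the thread.
FRAME2_HEX = """
43 61 6C 6C 2D 49 44 3A 20 30 30 30 30 30 30 30 30 31 32 33 34 35 36 37 38 0D 0A
43 53 65 71 3A 20 31 20 49 4E 56 49 54 45 0D 0A
43 6F 6E 74 61 63 74 3A 20 73 69 70 3A 73 69 70 40 31 33 32 2E 31 33 32 2E 31 33
32 2E 31 3A 35 30 36 30 0D 0A
4D 61 78 2D 46 6F 72 77 61 72 64 73 3A 20 37 30 0D 0A
"""

# Constructed request for comparison (not from the thread).
VALID = (b"INVITE sip:bob@example.invalid SIP/2.0\r\n"
         b"Via: SIP/2.0/UDP host.example.invalid;branch=z9hG4bK1\r\n"
         b"From: <sip:alice@example.invalid>;tag=1\r\n"
         b"To: <sip:bob@example.invalid>\r\n"
         b"Call-ID: 0000000012345678\r\nCSeq: 1 INVITE\r\n"
         b"Max-Forwards: 70\r\nContent-Length: 0\r\n\r\n")


def hex_to_bytes(text):
    """Turn a whitespace-separated hex dump into raw bytes."""
    return bytes.fromhex("".join(text.split()))


def check_sip(raw):
    """Return (has_start_line, sorted missing mandatory request headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    first = lines[0]
    has_start = bool(REQUEST_LINE.match(first) or STATUS_LINE.match(first))
    seen = set()
    # Without a start line, the first line is itself a header candidate.
    for line in (lines[1:] if has_start else lines):
        name, sep, _ = line.partition(b":")
        if sep:
            seen.add(name.strip().decode("ascii", "replace").lower())
    missing = [h for h, short in MANDATORY.items()
               if h not in seen and (short is None or short not in seen)]
    return has_start, sorted(missing)
```
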
