On Thu, Apr 4, 2013 at 3:59 PM, Cristian Constantin <[email protected]> wrote: > > On Fri, Mar 29, 2013 at 6:19 AM, Hadriel Kaplan <[email protected]> > wrote: >> >> >> Hi Cristian - thanks for example script! >> Comments inline... >> >> >> On Mar 20, 2013, at 1:11 PM, Cristian Constantin >> <[email protected]> wrote: >> >> > hi! >> > I attach a lua script that can extract and dump in a separate file >> > isup payloads from either sigtran or ss7 packets. >> >> Do you have a sample capture file to test it against? The only ones I have >> with ISUP don't have the data tag you're exporting. > > > cristian: you mean the pcap has sigtran packets and the test for the m3ua tag > number fails? > I could make the tag number configurable... > > cristian: I have checked the m3ua rfc again.
http://tools.ietf.org/html/rfc4666#section-3.3.1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tag = 0x0210 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ \ \ / Protocol Data / \ \ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ [...] Protocol Data: variable length The Protocol Data parameter contains the original SS7 MTP3 message, including the Service Information Octet and Routing Label. The Protocol Data parameter contains the following fields: Service Indicator Network Indicator Message Priority Destination Point Code Originating Point Code Signalling Link Selection Code (SLS) User Protocol Data, which includes MTP3-User protocol elements (e.g., ISUP, SCCP, or TUP parameters) as far as I can tell one can have isup only in protocol data tags. the script is also testing for isup data inside the m3ua protocol data like this: local m3ua_param_si = Field.new("m3ua.protocol_data_si") local si = m3ua_param_si() local si_number = tonumber(tostring(si)) -- check if this is ISUP data if(tonumber(si_number)==5) then ... either the script does not properly handle some cases or your pcap does not have isup in the m3ua protocol data (??). cristian ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
