Hi Vikas,

On Wed, Feb 26, 2020 at 07:25, Vikas Theng <thengvikas2...@gmail.com> wrote:

> Hello,
> I am trying to dissect a mac-nr exported PDU. It is showing mac-nr in
> Wireshark, but it is not able to dissect the complete message.
> I have added mac exported pdu heuristics and mac nr heuristics. Please
> find the attachment.
>

Based on the screenshot I can spot several errors:
- you should use the tag EXP_PDU_TAG_HEUR_PROTO_NAME and not EXP_PDU_TAG_PROTO_NAME, as you want to use the mac-nr heuristic dissector
- the exported PDU payload should be directly the UDP payload, so starting with 6d6163. Remove the first 10 zeroes

Best regards,
Pascal.

> On Fri, Feb 7, 2020 at 7:26 PM Pascal Quantin <pas...@wireshark.org>
> wrote:
>
>> Hi Vikas,
>>
>> On Fri, Feb 7, 2020 at 14:42, Vikas Theng <thengvikas2...@gmail.com>
>> wrote:
>>
>>> Hello,
>>> I am trying to dissect the runtime MIB message, but at runtime it is
>>> showing only the LLC protocol.
>>> When I convert the text to pcap using text2pcap -l 252 file.txt
>>> file.pacpng and load the pcap file manually, it shows the NR RRC protocol,
>>> but at runtime it is failing and showing the LLC protocol. Please guide me.
>>>
>>
>> Your text2pcap command creates a file with a linktype set to 252, which
>> corresponds to the Wireshark Upper PDU format.
>> Whatever mechanism you use to generate your runtime stream should use
>> this linktype if you want to be able to decode it. If another linktype is
>> given in the stream, you will get a wrong decoding (like LLC for example).
>> Alternatively you could write your own encapsulation protocol running on
>> top of a well known UDP port for example, and then a small dissector
>> calling the relevant NR RRC dissector when required (based on some meta
>> data you would transmit in the UDP payload, along with the NR RRC message
>> dump).
>>
>> Best regards,
>> Pascal.
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
>> Archives:    https://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>>              mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe
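The framing described in the reply, as an added example (not code from the thread or from the Wireshark project): it wraps a mac-nr UDP payload in an Exported PDU record that uses the heuristic tag, and writes the result as a pcap with linktype 252. The tag numbers follow Wireshark's exported PDU definitions; the heuristic name `mac_nr_udp`, the function names and the sample bytes are assumptions made for this example.

```python
import struct

LINKTYPE_WIRESHARK_UPPER_PDU = 252   # same value as "text2pcap -l 252"
EXP_PDU_TAG_END_OF_OPT = 0           # terminates the tag list
EXP_PDU_TAG_PROTO_NAME = 12          # names a regular dissector (wrong tag here)
EXP_PDU_TAG_HEUR_PROTO_NAME = 13     # names a heuristic dissector
MAC_NR_SIGNATURE = b"mac-nr"         # hex 6d61632d6e72
HEUR_NAME = b"mac_nr_udp"            # assumption: short name of the mac-nr UDP heuristic

def exported_pdu(udp_payload, heur_name=HEUR_NAME):
    """Return one Exported PDU record: heuristic-name tag, end tag, payload."""
    body = udp_payload.lstrip(b"\x00")           # drop stray leading zero bytes
    if not body.startswith(MAC_NR_SIGNATURE):
        raise ValueError("payload must start with the mac-nr signature (6d6163...)")
    # Tag values are zero-padded to a multiple of 4 bytes; fields are big-endian.
    padded = heur_name + b"\x00" * (-len(heur_name) % 4)
    tlv = struct.pack("!HH", EXP_PDU_TAG_HEUR_PROTO_NAME, len(padded)) + padded
    return tlv + struct.pack("!HH", EXP_PDU_TAG_END_OF_OPT, 0) + body

def pcap_bytes(records):
    """Serialize records into a classic little-endian pcap with linktype 252."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535,
                      LINKTYPE_WIRESHARK_UPPER_PDU)
    for sec, data in enumerate(records):
        out += struct.pack("<IIII", sec, 0, len(data), len(data)) + data
    return out

# Constructed sample, not a real capture: five stray zero bytes, the signature,
# three context bytes, the payload tag 0x01 and two placeholder PDU bytes.
SAMPLE = b"\x00" * 5 + MAC_NR_SIGNATURE + bytes.fromhex("020103") + b"\x01" + bytes.fromhex("3f00")

if __name__ == "__main__":
    with open("mac_nr_exported.pcap", "wb") as fh:
        fh.write(pcap_bytes([exported_pdu(SAMPLE)]))
```
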