Hi, Le mer. 26 févr. 2020 à 20:22, Vikas Theng <thengvikas2...@gmail.com> a écrit :
> In run-time it is dissects it as a mac nr completely. (see attachment ). > but I when dumping it in .txt file and doing text2pacp -l 252 dummy.txt > dummy.pcapng it is not able to dissect it properly. same thing I did for > RRC NR. for RRC NR it is working fine( see attachment ). for MAC NR I want > it as exported pdu. why run-time it is dissecting and while dumping in to > file it is failing. > Obviously you are doing something wrong but as you did not share any info, you will have to investigate it by yourself. For example the mac-nr screenshot shows a framing over UDP and not an exported PDU format. Fortunately you should have everything in hands to fix it. Best regards. > On Wed, Feb 26, 2020 at 2:36 PM Pascal Quantin <pas...@wireshark.org> > wrote: > >> Hi Vikas, >> >> Le mer. 26 févr. 2020 à 09:52, Vikas Theng <thengvikas2...@gmail.com> a >> écrit : >> >>> I did modification as you suggested, but with that modification, it is >>> not able to dissect it as mac nr. >>> >> >> As the exported payload is aaaaaaaa.... (as seen in the GUI) it seems >> like you did not do the proper modification. The exported payload should >> correspond to the UDP payload of the heuristic cissector, so starting with >> the mac-nr magic. Presumably this is because your End-of-options tag has a >> length of 109 instead of 0. >> Moreover I forgot to tell you that the heuristic dissector is named >> mac-nr_udp and not mac-nr. >> >> Best regards, >> Pascal. >> >> >>> On Wed, Feb 26, 2020 at 12:42 PM Pascal Quantin <pas...@wireshark.org> >>> wrote: >>> >>>> Hi Vikas, >>>> >>>> Le mer. 26 févr. 2020 à 07:25, Vikas Theng <thengvikas2...@gmail.com> >>>> a écrit : >>>> >>>>> Hello , >>>>> I am trying to dissect mac-nr exported pdu, it is showing mac-nr in >>>>> wireshark but not able to dissect complete message. >>>>> I have added mac exported pdu heuristics and mac nr heuristics. please >>>>> find attachment. >>>>> >>>> >>>> Based on the screenshot I can spot several errors: >>>> - you should use the tag EXP_PDU_TAG_HEUR_PROTO_NAME and not >>>> EXP_PDU_TAG_PROTO_NAME as you want to use the mac-nr heuristic dissector >>>> - the exported PDU payload should be directly the UDP payload, so >>>> starting with 6d6163. Remove the first 10 zeroes >>>> >>>> Best regards, >>>> Pascal. >>>> >>>> >>>>> On Fri, Feb 7, 2020 at 7:26 PM Pascal Quantin <pas...@wireshark.org> >>>>> wrote: >>>>> >>>>>> Hi Vikas, >>>>>> >>>>>> Le ven. 7 févr. 2020 à 14:42, Vikas Theng <thengvikas2...@gmail.com> >>>>>> a écrit : >>>>>> >>>>>>> Hello., >>>>>>> I am trying to dissect the runtime MIB message, but runtime It is >>>>>>> showing only LLC protocol. >>>>>>> When I am converting text to pcap using text2pcap -l 252 file.txt >>>>>>> file.pacpng and load file pcap file manually it is showing NR RRC >>>>>>> protocol >>>>>>> but run-time it is failing and showing LLC protocol. please guide me. >>>>>>> >>>>>> >>>>>> your text2pcap command creates a file with a linktype set to 252 >>>>>> which corresponds to WIreshark Upper PDU format. >>>>>> Whatever mechanism you use to generate your runtime stream should use >>>>>> this linktype if you want to be able to decode it. If another linktype is >>>>>> given in the stream, you will get a wrong decoding (like LLC for >>>>>> example). >>>>>> Alternatively you could write your own encapsulation protocol running >>>>>> on top of a well known UDP port for example, and then a small dissector >>>>>> calling the relevant NR RRC dissector when required (based on some meta >>>>>> data you would transmit in the UDP payload, along with the NR RRC message >>>>>> dump). >>>>>> >>>>>> Best regards, >>>>>> Pascal. >>>>>> >>>>>> ___________________________________________________________________________ >>>>>> Sent via: Wireshark-users mailing list < >>>>>> wireshark-users@wireshark.org> >>>>>> Archives: https://www.wireshark.org/lists/wireshark-users >>>>>> Unsubscribe: >>>>>> https://www.wireshark.org/mailman/options/wireshark-users >>>>>> mailto:wireshark-users-requ...@wireshark.org >>>>>> ?subject=unsubscribe >>>>> >>>>> >>>>> ___________________________________________________________________________ >>>>> Sent via: Wireshark-users mailing list < >>>>> wireshark-users@wireshark.org> >>>>> Archives: https://www.wireshark.org/lists/wireshark-users >>>>> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users >>>>> mailto:wireshark-users-requ...@wireshark.org >>>>> ?subject=unsubscribe >>>> >>>> >>>> ___________________________________________________________________________ >>>> Sent via: Wireshark-users mailing list < >>>> wireshark-users@wireshark.org> >>>> Archives: https://www.wireshark.org/lists/wireshark-users >>>> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users >>>> mailto:wireshark-users-requ...@wireshark.org >>>> ?subject=unsubscribe >>> >>> >>> ___________________________________________________________________________ >>> Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org >>> > >>> Archives: https://www.wireshark.org/lists/wireshark-users >>> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users >>> mailto:wireshark-users-requ...@wireshark.org >>> ?subject=unsubscribe >> >> >> ___________________________________________________________________________ >> Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org> >> Archives: https://www.wireshark.org/lists/wireshark-users >> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users >> mailto:wireshark-users-requ...@wireshark.org >> ?subject=unsubscribe > > ___________________________________________________________________________ > Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-users > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users > mailto:wireshark-users-requ...@wireshark.org > ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe
