Ethereal-dev: [Ethereal-dev] Ethereal 0.8.20 and WSP/GTP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Denis A. Doroshenko" <cyxob@xxxxxxxxxxxxxxxx>
Date: Sat, 20 Oct 2001 00:53:52 +0200
hello,

tried 0.8.20, and it's really greatly improved since 0.8.19. we like
it very much, it has some features that commercial tools lack... we use
Ethereal to dissect WSP (with or without WTP) and use it with great
success on Gn links dissecting GTP. sure we were impressed with GTP
options with selection for CDR dissection, though when connected to
Ga we could not make Ethereal dissect CDRs within GTP'...
ok, now to business...

now Ethereal dissects several WTP transactions within one packet
successfully (as truly written in the changelog, Nokia 8310 does this
in connection-mode). but... apparently Ethereal doesn't dissect
Reply to Get, complaining about malformed headers. these are the
very same packets 0.8.19 dissects with no problems.

OS:
	OpenBSD 2.9 (stable branch and fresh release)
Ethereal:
	0.8.20 from the sources, current as of 18 Sep 2001
GTK+:
	1.2.10 (though the same thing happens to tethereal)
Sequence:
	simply open the capture file we've successfully analysed
	with 0.8.19, or for example a similar command:
		tethereal -nlVr file -R 'gtpv0.tid == "IMSI+NSAPI"'
Dumps:
	well, it's a pity, but i may not provide you with the whole
	packets because... because of some particular reasons. hope
	you'll understand me. i know it is bad.

it seems the header it gets an error on is a cache control header.
it looks like the following:

User Datagram Protocol, Src Port: 9201 (9201), Dst Port: 49200 (49200)
    Source port: 9201 (9201)
    Destination port: 49200 (49200)
    Length: 391
    Checksum: 0xabb2 (correct)
Wireless Transaction Protocol
    0... .... = Continue Flag: No TPI
    .001 0... = PDU Type: Result (0x02)
    .... .01. = Trailer Flags: Last packet of message (0x01)
    .... ...0 = Re-transmission Indicator: First transmission
    1... .... .... .... = TID Response: Response
    .000 1111 0101 0010 = Transaction ID: 0x0f52
Wireless Session Protocol
    PDU Type: Reply (0x04)
    Status: OK (0x20)
    Headers Length: 57
    Content Type: application/vnd.wap.wmlc (0x14)
    Headers
        Date: Oct 17, 2001 11:52:05.000000000
        Server: Apache/1.3.9
        X-powered-by: PHP/4.0.4pl1
        Connection: Close (0x00)
[Malformed Frame: WSP]

hex dump of the same part:

0050  xx xx 23 f1 c0 30 01 87 ab b2 12 8f!52 04 20 39   ..#..0......R. 9
0060  94 92 04 3b cd 54 c5 a6 41 70 61 63 68 65 2f 31   ...;.T..Apache/1
0070  2e 33 2e 39 00 58 2d 70 6f 77 65 72 65 64 2d 62   .3.9.X-powered-b
0080  79 00 50 48 50 2f 34 2e 30 2e 34 70 6c 31 00 89   y.PHP/4.0.4pl1..
0090  80 88 02 82 80 8d 02 01 40 01 04 6a 00 ff 50 03   ........@..j..P.
00a0  6c 74 00 01 6c 01 7b e8 45 18 03 4f 4d 4e 49 54   lt..l.{.E..OMNIT
00b0  45 4c 00 01 ab 4a 03 2f 00 01 01 01 e7 36 03 4f   EL...J./.....6.O
00c0  6d 6e 69 74 65 6c 20 57 41 50 00 01 60 ae 0c 03   mnitel WAP..`...
00d0  4f 6d 6e 69 74 65 6c 00 32 03 4f 6d 6e 69 2e 77   Omnitel.2.Omni.w
00e0  62 6d 70 00 01 01 60 dc 4a 03 69 6e 64 65 78 2e   bmp...`.J.index.
00f0  70 68 70 3f 6d 61 69 6e 2c 35 33 32 34 00 01 03   php?main,5324...
0100  4e 61 75 6a 69 65 6e 6f 73 00 01 01 60 dc 4a 03   Naujienos...`.J.
0110  69 6e 64 65 78 2e 70 68 70 3f 6d 61 69 6e 2c 35   index.php?main,5
0120  33 32 37 00 01 03 50 72 61 6d 6f 67 6f 73 00 01   327...Pramogos..
0130  01 60 dc 4a 03 69 6e 64 65 78 2e 70 68 70 3f 6d   .`.J.index.php?m
0140  61 69 6e 2c 35 33 32 32 00 01 03 22 4f 6d 6e 69   ain,5322..."Omni
0150  74 65 6c 22 20 70 61 73 6c 61 75 67 6f 73 00 01   tel" paslaugos..
0160  01 60 dc 4a 03 69 6e 64 65 78 2e 70 68 70 3f 6d   .`.J.index.php?m
0170  61 69 6e 2c 35 33 32 38 00 01 03 4b 61 74 61 6c   ain,5328...Katal
0180  6f 67 61 73 00 01 01 60 dc 4b a1 03 6f 6d 6e 69   ogas...`.K..omni
0190  74 65 6c 00 87 03 73 6b 65 6c 62 69 6d 61 69 2f   tel...skelbimai/
01a0  77 61 70 2f 00 01 03 53 6b 65 6c 62 69 6d 61 69   wap/...Skelbimai
01b0  00 01 01 60 dc 4a 03 69 6e 64 65 78 2e 70 68 70   ...`.J.index.php
01c0  3f 6d 61 69 6e 2c 35 33 32 33 00 01 03 50 69 6e   ?main,5323...Pin
01d0  69 67 61 69 00 01 01 01 01                        igai.....

-- 
Let the Force be with You!..
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Denis A. Doroshenko                    internet services, unices, m$ os
System programmer and administrator    programming, administering, consulting
mailto:cyxob@xxxxxxxxxxxxxxxx          do you BSD? --> http://www.OpenBSD.org

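The header block from the hex dump above, decoded octet by octet as an added example (not part of the original message and not Ethereal's dissector code). The field and directive codes are a subset of the WSP assigned numbers, the function names are illustrative, and the sketch assumes the default header code page and no Length-quote values.

```python
from datetime import datetime, timezone

# Added example, not Ethereal code. Subsets of the WSP well-known code tables.
FIELDS = {0x08: "Cache-Control", 0x09: "Connection", 0x0D: "Content-Length",
          0x12: "Date", 0x26: "Server"}
CACHE = {0x80: "no-cache", 0x81: "no-store", 0x82: "max-age"}
# The 57 octets at dump offsets 0x60-0x98 (Headers Length: 57).
BLOCK = (bytes.fromhex("9492043bcd54c5a6") + b"Apache/1.3.9\0"
         + b"X-powered-by\0PHP/4.0.4pl1\0" + bytes.fromhex("8980880282808d020140"))

def take(buf, i, n):  # bounds-checked slice: an overrunning value is malformed
    if n < 0 or i + n > len(buf):
        raise ValueError(f"value at offset {i} overruns the header block")
    return buf[i:i + n], i + n

def raw_value(buf, i):  # split one value by the first-octet rule -> (data, next)
    b = take(buf, i, 1)[0][0]
    if b <= 30:                              # Value-length, then that many octets
        return take(buf, i + 1, b)
    if b == 31:
        raise ValueError("Length-quote (uintvar) form is outside this example")
    if b >= 128:                             # single encoded octet
        return buf[i:i + 1], i + 1
    end = buf.find(0, i)                     # NUL-terminated text, returned as str
    return take(buf, i, end - i)[0].decode("latin-1"), end + 1

def integer(buf, i=0):  # Integer-value: Short-integer, or Short-length + octets
    if buf[i] & 0x80:
        return buf[i] & 0x7F
    return int.from_bytes(take(buf, i + 1, buf[i])[0], "big")

def decode_headers(block):  # -> [(name, value)]; octet 0 is the content type
    out, i = [("Content-Type", hex(block[0] & 0x7F))], 1
    while i < len(block):
        if block[i] & 0x80:                  # well-known field name
            name, i = FIELDS.get(block[i] & 0x7F, hex(block[i])), i + 1
        else:                                # textual application header name
            name, i = raw_value(block, i)
        data, nxt = raw_value(block, i)
        if isinstance(data, str):            # text value
            value = data
        elif name == "Cache-Control" and len(data) > 1:   # directive + integer arg
            value = f"{CACHE.get(data[0], hex(data[0]))}={integer(data, 1)}"
        elif name == "Date":
            value = datetime.fromtimestamp(integer(block, i), timezone.utc).isoformat()
        else:                                # encoded integer or code
            value = integer(block, i)
        out, i = out + [(name, value)], nxt
    return out
```

Run over `BLOCK`, the octets after `Connection` (`88 02 82 80` and `8d 02 01 40`) decode as Cache-Control: max-age=0 and Content-Length: 320, ending exactly at octet 57. A block cut short raises `ValueError` instead of reading past its end.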