Ethereal-dev: Re: [Ethereal-dev] how to decode BER encoded ASN.1 messages over TCP?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Matthijs Melchior <mmelchior@xxxxxxxxx>
Date: Sun, 15 Feb 2004 19:13:45 +0100
Alexander W. Janssen wrote:

On Sun, Feb 15, 2004 at 05:27:36PM +0100, Matthijs Melchior wrote:
Hello Matthijs,

The ethereal ASN.1 dissector uses a type-table to describe the ASN.1 types
and values.  This type-table is generated by 'snacc', a free ASN.1 compiler
suite, and in the configuration pane for the dissector you point it to such
a .tt file and mention the name of the top-level PDU and the port where
to expect these messages in a data stream.

Yes, I already figured that out and used snacc to create the table-type. It
worked as expected. Good job! This is very handy for me :)

I just got one problem, sometimes it seems not to dissect the whole PDU; it
just shows "short frame" and the data seems to be crippled. I thought this was
due to fragments in the first place, but in none of the TCP packets the
more-fragments flag was set.

However, I think that the test data I have is recorded with a too short
snaplength (tcpdump -s 94 is the default on that flavour of UNIX...). I will
first try and get complete test-data.

Yes, and make sure you have all the defragmenting and desegmenting options
switched on, so the dissector can construct complete asn1 messages.

Btw, is there a possibility to filter for certain aspects? Something like
asn1.somemsg.someoption.parameter == something?

Yes, all the field names are entered in the display filter expression dialogue
and you can select on their value. Furthermore, all types are entered too,
named like "asn1.--.Xyzzy" where you can select on their presence.
If any message in an IP packet matched, that packet is selected.

The source file for this dissector, plugins/asn1/packet-asn1.c in the
ethereal tree, contains some more documentation.

Will have a look. Any plans for PER/XER et al. decoding? Not that any of our
protocols use it, but who knows, our R&D changed slowly to a java-monkey
department... *shiver*

Yes, have been thinking about it, but it is very complex and not much time
at the moment...

Anyway, thank you for this very fine plugin! It's a blessing for people who
have to deal with all the ITU-T stuff.

Cheers, Alex.

Thanks,

--
Regards,
----------------------------------------------------------------  -o)
Matthijs Melchior                                       Maarssen  /\\
mmelchior@xxxxxxxxx                                  Netherlands _\_v
---------------------------------------------------------------- ----
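
The "short frame" symptom and the desegmenting advice in this thread, as an added example that is not part of the original mail and is not code from packet-asn1.c: a Python sketch that reads the BER length header of each top-level PDU in a TCP payload and reports how many bytes are still missing. The function names and the sample bytes are constructed for illustration; only definite-length encodings are handled.

```python
def ber_header(buf, off=0):
    """(header_len, content_len) of the TLV at off; None if the header is cut off."""
    i = off + 1                          # skip the identifier octet
    if i > len(buf):
        return None
    if buf[off] & 0x1F == 0x1F:          # high-tag-number form: more tag octets
        while True:
            if i >= len(buf):
                return None
            i += 1
            if not buf[i - 1] & 0x80:
                break
    if i >= len(buf):
        return None
    first, i = buf[i], i + 1
    if first < 0x80:                     # short form: length in one octet
        return i - off, first
    n = first & 0x7F                     # long form: n length octets follow
    if n == 0:
        raise ValueError("indefinite length is not handled here")
    if i + n > len(buf):
        return None
    return i + n - off, int.from_bytes(buf[i:i + n], "big")

def split_pdus(stream):
    """Return (complete_pdus, missing). missing is the number of bytes the
    trailing PDU still needs, 0 if none, None if its header is incomplete."""
    pdus, off = [], 0
    while off < len(stream):
        hdr = ber_header(stream, off)
        if hdr is None:
            return pdus, None
        end = off + hdr[0] + hdr[1]
        if end > len(stream):            # PDU continues in a later segment
            return pdus, end - len(stream)
        pdus.append(stream[off:end])
        off = end
    return pdus, 0

# Constructed sample: a 203-byte SEQUENCE followed by a 5-byte SEQUENCE,
# carried in two TCP segments of 100 and 108 payload bytes.
PDU_A = bytes([0x30, 0x81, 0xC8, 0x04, 0x81, 0xC5]) + bytes(197)
PDU_B = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
STREAM = PDU_A + PDU_B
SEG1, SEG2 = STREAM[:100], STREAM[100:]

if __name__ == "__main__":
    print(split_pdus(SEG1))              # first segment alone: PDU incomplete
    print(len(split_pdus(SEG1 + SEG2)[0]), "PDUs after reassembly")
    print(split_pdus(STREAM[:40]))       # capture cut short by a small snaplen
```

A segment on its own leaves the first PDU 103 bytes short, which reassembly resolves; a capture cut off by the snap length can never be completed, because the missing bytes were not recorded.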