["Martin Mathieson" <martin.mathieson@xxxxxxxxxxxx>]

----- Original Message ----- 
From: "Guy Harris" <gharris@xxxxxxxxx>
To: "Ethereal development" <ethereal-dev@xxxxxxxxxxxx>
Sent: 12 April 2006 20:07
Subject: Re: [Ethereal-dev] [Patches] Wiretap support forCatapult
DCT2000.outfiles


> Martin Mathieson wrote:
>
> > Yes, this should be possible - I'll take a look tomorrow.  I only need
to
> > work out which ethereal dissector best corresponds to "ss7_mtp2"
>
> Would the MTP2 dissector do, or are there some differences?

More than likely, but I'm not familiar with SS7 protocols.

When I'm back at work tomorrow I'll run the dct2000 decoder on the file so
that I can compare the decodes with the dissector.  dct2000 also has many
protocols that are primitives exchanged between layers in the stack,
configuration protocols - hopefully these ones are the standard protocol
messages directly from the line (and therefore be dissectable).

The wiretap module has a flag controlling whether or not these non-standard
protocols should be 'read' or 'skipped'.  It defaults to 'read' so that
wiretap can merge complete logs, but the protocol for the context stub has a
preference that can turn this off.  When these non-standard messages are
passed to Ethereal it parses and shows the context info, but displays the
message bytes just as an unparsed hex string.