Wireshark-bugs: [Wireshark-bugs] [Bug 9622] New: sendRoutingInfoForSMResp Phase 1 decode problem
Date: Tue, 07 Jan 2014 13:17:29 +0000
Bug ID | 9622 |
---|---|
Summary | sendRoutingInfoForSMResp Phase 1 decode problem (GSM MAP) |
Classification | Unclassified |
Product | Wireshark |
Version | unspecified |
Hardware | x86 |
OS | Windows 7 |
Status | UNCONFIRMED |
Severity | Normal |
Priority | Low |
Component | Dissection engine (libwireshark) |
Assignee | [email protected] |
Reporter | [email protected] |
Created attachment 12432 [details] example of decode issue Build Information: Version 1.11.3-SVN-54548 (SVN Rev 54548 from /trunk) Copyright 1998-2014 Gerald Combs <[email protected]> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (32-bit) with GTK+ 3.4.4, with Cairo 1.10.2, with Pango 1.30.1, with GLib 2.32.4, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jan 1 2014), with AirPcap. Running on 32-bit Windows 7 Service Pack 1, build 7601, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap. Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz, with 3240MB of physical memory. Built using Microsoft Visual C++ 10.0 build 40219 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- See the wireshark dump below (which I will also attach as a pcap to the bug). I believe that wireshark is indicating a "BER error" incorrectly. (*) The absence of a dialogue portion indicates that a phase 1 SRI response has been received (*) See here for GSM Phase 1 MAP specification (after a google on GSM Phase 1 MAP specification) http://www.etsi.org/deliver/etsi_gts/09/0902/03.11.00_60/gsmts_0902sv031100p.pdf -- Page 423: SRISM-RSP shown here: RESULT SEQUENCE { imsi IMSI, CHOICE { [0] IMPLICIT SEQUENCE { locationInfo LocationInfo IMsId LMsId OPTIONAL }, forwardingData [1] IMPLICIT ForwardingData }, mwd-Set [2] IMPLICIT BOOLEAN OPTIONAL } (*) ASN#1 definition from the wireshark source shown below <>/asn1/gsm_map/MAP-SM-DataTypes.asn RoutingInfoForSM-Res ::= SEQUENCE { imsi IMSI, locationInfoWithLMSI [0] LocationInfoWithLMSI, extensionContainer [4] ExtensionContainer OPTIONAL, ..., ip-sm-gwGuidance [5] IP-SM-GW-Guidance OPTIONAL } (*) Wireshark definition missing "forwardingData" and "mwd-Set" ?? (*) Perhaps possible to amend the wireshark ASN#1 definiton as shown ?? CHOICE { locationInfoWithLMSI [0] LocationInfoWithLMSI, forwardingData [1] IMPLICIT ForwardingData }, mwd-Set [2] BOOLEAN OPTIONAL, -==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- No. Time Source Destination Protocol Length Info 1 0.000000 65793 131586 GSM MAP 162 returnResultLast sendRoutingInfoForSM Frame 1: 162 bytes on wire (1296 bits), 162 bytes captured (1296 bits) Ethernet II, Src: 0a:01:01:01:01:01 (0a:01:01:01:01:01), Dst: 0a:02:02:02:02:02 (0a:02:02:02:02:02) Internet Protocol Version 4, Src: 10.1.1.1 (10.1.1.1), Dst: 10.2.2.2 (10.2.2.2) Stream Control Transmission Protocol, Src Port: 4901 (4901), Dst Port: 4901 (4901) MTP 3 User Adaptation Layer Signalling Connection Control Part Message Type: Unitdata (0x09) .... 0000 = Class: 0x00 1000 .... = Message handling: Return message on error (0x08) Pointer to first Mandatory Variable parameter: 3 Pointer to second Mandatory Variable parameter: 14 Pointer to third Mandatory Variable parameter: 25 Called Party address (11 bytes) Address Indicator SubSystem Number: MSC (Mobile Switching Center) (8) [Linked to TCAP, TCAP SSN linked to GSM_MAP] Global Title 0x4 (9 bytes) Translation Type: 0x00 0001 .... = Numbering Plan: ISDN/telephony (0x01) .... 0010 = Encoding Scheme: BCD, even number of digits (0x02) .000 0100 = Nature of Address Indicator: International number (0x04) Called Party Digits: 353104070325 Called or Calling GT Digits: 353104070325 Number of Called Party Digits: 12 Country Code: 353 Ireland (length 3) Calling Party address (11 bytes) Address Indicator SubSystem Number: HLR (Home Location Register) (6) [Linked to TCAP, TCAP SSN linked to GSM_MAP] Global Title 0x4 (9 bytes) Translation Type: 0x00 0001 .... = Numbering Plan: ISDN/telephony (0x01) .... 0010 = Encoding Scheme: BCD, even number of digits (0x02) .000 0100 = Nature of Address Indicator: International number (0x04) Calling Party Digits: 353104063593 Transaction Capabilities Application Part end Destination Transaction ID dtid: 0617ab1f components: 1 item Component: returnResultLast (2) returnResultLast invokeID: 0 resultretres opCode: localValue (0) localValue: 45 CONSTRUCTOR CONSTRUCTOR Tag Tag: 0x00 Length: 24 Parameter (0x04) Tag: 0x04 Length: 8 Data: 72 CONSTRUCTOR CONSTRUCTOR Tag Tag: 0x02 Length: 9 Parameter (0x01) Tag: 0x01 Length: 7 Data: 91 Parameter (0x02) Tag: 0x02 Length: 1 Data: 00 GSM Mobile Application Component: returnResultLast (2) returnResultLast invokeID: 0 resultretres opCode: localValue (0) localValue: sendRoutingInfoForSM (45) imsi: 72025116309409f6 TBCD digits: 272015610349906 locationInfoWithLMSI networkNode-Number: 91531340301312 1... .... = Extension: No Extension .001 .... = Nature of number: International Number (0x01) .... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164) (0x01) Address digits: 353104033121 Country Code: 353 Ireland (length 3) BER Error: This field lies beyond the end of the known sequence definition. [Expert Info (Warn/Malformed): BER Error: Unknown field in Sequence] 0000 0a 02 02 02 02 02 0a 01 01 01 01 01 08 00 45 00 ..............E. 0010 00 94 12 34 00 00 ff 84 91 ac 0a 01 01 01 0a 02 ...4............ 0020 02 02 13 25 13 25 00 00 00 00 57 e7 75 12 00 03 ...%.%....W.u... 0030 00 74 00 00 00 00 00 00 00 00 00 00 00 03 01 00 .t.............. 0040 01 01 00 00 00 64 02 10 00 5c 00 01 01 01 00 02 .....d...\...... 0050 02 02 03 03 00 00 09 80 03 0e 19 0b 52 08 00 12 ............R... 0060 04 53 13 40 70 30 52 0b 12 06 00 12 04 53 13 40 [email protected].@ 0070 60 53 39 2e 64 2c 49 04 06 17 ab 1f 6c 24 a2 22 `S9.d,I.....l$." 0080 02 01 00 30 1d 02 01 2d 30 18 04 08 72 02 51 16 ...0...-0...r.Q. 0090 30 94 09 f6 a0 09 81 07 91 53 13 40 30 13 12 82 0........S.@0... 00a0 01 00
You are receiving this mail because:
- You are watching all bug changes.
- Prev by Date: [Wireshark-bugs] [Bug 9612] Dissector of AMQP 1.0
- Next by Date: [Wireshark-bugs] [Bug 9612] Dissector of AMQP 1.0
- Previous by thread: [Wireshark-bugs] [Bug 9621] OpenFlow 1.4 dissector: add missing features
- Next by thread: [Wireshark-bugs] [Bug 9623] New: Incorrect "malformed-packet" indication for MT-RSP (GSM MAP)
- Index(es):