Wireshark-bugs: [Wireshark-bugs] [Bug 9623] New: Incorrect "malformed-packet" indication for MT-

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 07 Jan 2014 13:53:09 +0000
Bug ID 9623
Summary Incorrect "malformed-packet" indication for MT-RSP (GSM MAP)
Classification Unclassified
Product Wireshark
Version unspecified
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected] 

Created attachment 12433 [details]
example of "false" malformed packet

Build Information:
Version 1.11.3-SVN-54548 (SVN Rev 54548 from /trunk)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 3.4.4, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.32.4, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6,
with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jan  1 2014),
with AirPcap.

Running on 32-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
       Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz, with 3240MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--

(*) See below for an example of wireshark indicating a "malformed packet"
incorrectly. I will also attach a pcap to the bug. 

(*) See here for location of SMS teleservice specification:
http://www.3gpp.org/ftp/specs/archive/23_series/23.040/. The same value of
TP-MTI is used for SMS-DELIVER-REPORT as SMS-DELIVER

       The TP-Message-Type-Indicator is a 2-bit field, located within bits no 0
and 1 of the first octet of all PDUs which can be given the following values:
        bit1    bit0    Message type
        0    0    SMS DELIVER (in the direction SC to MS)    
        0    0    SMS DELIVER REPORT (in the direction MS to SC)    


(*) The dialogue response (visible in the pcap file) indicates that the packet
is a response and also the fact that the teleservice payload is encapsulated in
a TC-End(ReturnResultLast) should mean that wireshark should try to decode this
as a SMS-DELIVER-REPORT and not a SMS-DELIVER


-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

No.     Time        Source                Destination           Protocol Length
Info
      1 0.000000    65793                 131586                GSM SMS  190   
returnResultLast mt-forwardSM [Malformed Packet]

Frame 1: 190 bytes on wire (1520 bits), 190 bytes captured (1520 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Jan  7, 2014 13:31:19.000000000 GMT Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1389101479.000000000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 190 bytes (1520 bits)
    Capture Length: 190 bytes (1520 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:sctp:m3ua:sccp:tcap:gsm_map:gsm_sms]
Ethernet II, Src: 0a:01:01:01:01:01 (0a:01:01:01:01:01), Dst: 0a:02:02:02:02:02
(0a:02:02:02:02:02)
    Destination: 0a:02:02:02:02:02 (0a:02:02:02:02:02)
    Source: 0a:01:01:01:01:01 (0a:01:01:01:01:01)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.1.1.1 (10.1.1.1), Dst: 10.2.2.2 (10.2.2.2)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT
(Not ECN-Capable Transport))
    Total Length: 176
    Identification: 0x1234 (4660)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 255
    Protocol: SCTP (132)
    Header checksum: 0x9190 [correct]
    Source: 10.1.1.1 (10.1.1.1)
    Destination: 10.2.2.2 (10.2.2.2)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Stream Control Transmission Protocol, Src Port: 4901 (4901), Dst Port: 4901
(4901)
    Source port: 4901
    Destination port: 4901
    Verification tag: 0x00000000
    [Assocation index: 0]
    Checksum: 0x8605e5bb (not verified)
    DATA chunk(ordered, complete segment, TSN: 0, SID: 0, SSN: 0, PPID: 3,
payload length: 128 bytes)
MTP 3 User Adaptation Layer
    Version: Release 1 (1)
    Reserved: 0x00
    Message class: Transfer messages (1)
    Message Type: Payload data (DATA) (1)
    Message length: 128
    Protocol data (SS7 message of 102 bytes)
Signalling Connection Control Part
    Message Type: Unitdata (0x09)
    .... 0001 = Class: 0x01
    1000 .... = Message handling: Return message on error (0x08)
    Pointer to first Mandatory Variable parameter: 88
    Pointer to second Mandatory Variable parameter: 2
    Pointer to third Mandatory Variable parameter: 13
    Called Party address (11 bytes)
        Address Indicator
        SubSystem Number: MSC (Mobile Switching Center) (8)
        [Linked to TCAP, TCAP SSN linked to GSM_MAP]
        Global Title 0x4 (9 bytes)
            Translation Type: 0x00
            0001 .... = Numbering Plan: ISDN/telephony (0x01)
            .... 0010 = Encoding Scheme: BCD, even number of digits (0x02)
            .000 0100 = Nature of Address Indicator: International number
(0x04)
            Called Party Digits: 353104070325
                Called or Calling GT Digits: 353104070325
                Number of Called Party Digits: 12
                Country Code: 353 Ireland (length 3)
    Calling Party address (11 bytes)
        Address Indicator
        SubSystem Number: MSC (Mobile Switching Center) (8)
        [Linked to TCAP, TCAP SSN linked to GSM_MAP]
        Global Title 0x4 (9 bytes)
            Translation Type: 0x00
            0001 .... = Numbering Plan: ISDN/telephony (0x01)
            .... 0010 = Encoding Scheme: BCD, even number of digits (0x02)
            .000 0100 = Nature of Address Indicator: International number
(0x04)
            Calling Party Digits: 353104096991
                Called or Calling GT Digits: 353104096991
                Number of Calling Party Digits: 12
                Country Code: 353 Ireland (length 3)
Transaction Capabilities Application Part
    end
        Destination Transaction ID
        oid: 0.0.17.773.1.1.1 (id-as-dialogue)
        dialogueResponse
        components: 1 item
GSM Mobile Application
    Component: returnResultLast (2)
GSM SMS TPDU (GSM 03.40) SMS-DELIVER
    0... .... = TP-RP: TP Reply Path parameter is not set in this SMS
SUBMIT/DELIVER
    .0.. .... = TP-UDHI: The TP UD field contains only the short message
    ..0. .... = TP-SRI: A status report shall not be returned to the SME
    .... .0.. = TP-MMS: More messages are waiting for the MS in this SC
    .... ..00 = TP-MTI: SMS-DELIVER (0)
    TP-Originating-Address
        Length: 0 address digits
[Malformed Packet: GSM SMS]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]

You are receiving this mail because:
  • You are watching all bug changes.