Bug ID: 12286
Summary: tshark can't decode s1ap message
Product: Wireshark
Version: 2.1.x (Experimental)
Hardware: x86-64
OS: Fedora
Status: UNCONFIRMED
Severity: Major
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]
Build Information:
tshark -v
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 2.0.3 (SVN Rev Unknown from unknown)
Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
libz 1.2.7, with GLib 2.36.4, without SMI, without c-ares, without ADNS,
without Lua, without GnuTLS, without Gcrypt, without Kerberos, without GeoIP.
Running on Linux 3.14.27-100.fc19.x86_64, with locale en_US.UTF-8, with libpcap
version 1.4.0, with libz 1.2.7.
Intel(R) Xeon(R) CPU X3210 @ 2.13GHz
Built using gcc 4.8.3 20140911 (Red Hat 4.8.3-7).
--
Hi,
Following up on Bug 12276 and the question
https://ask.wireshark.org/questions/51141/tshark-cant-decode-s1ap-message,
I have installed the latest nightly version of Wireshark on my Linux box and
some fields don't show up correctly. To be more specific, regarding Diameter
messages that were 'unknown' before, I tweaked dictionary.xml and they are now
shown correctly.
In a specific S1AP message, there is a new field added in the packet, which is
not correctly decoded by Wireshark. This field is displayed as "Item 7:
unknown(195)", which is not the correct name. Of course, subfields of that field
are not displayed correctly either.
The problem is that I can't find out how to do the same with S1AP messages. Any clue?
Thanks!
What I get when exporting this field to pdml is:
<field name="" show="Item 7: unknown (195)" size="5" pos="294" value="00c3400164">
  <field name="s1ap.ProtocolIE_Field_element" showname="ProtocolIE-Field" size="5" pos="294" show="" value="">
    <field name="s1ap.id" showname="id: Unknown (195)" size="2" pos="294" show="195" value="00c3"/>
    <field name="per.enum_index" showname="Enumerated Index: 1" hide="yes" size="1" pos="296" show="1" value="40"/>
    <field name="s1ap.criticality" showname="criticality: ignore (1)" size="1" pos="296" show="1" value="40"/>
    <field name="per.open_type_length" showname="Open Type Length: 1" hide="yes" size="1" pos="297" show="1" value="01"/>
    <field name="s1ap.value_element" showname="value" size="1" pos="298" show="" value=""/>
  </field>
</field>
Br,
Sotiris
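
As an added example (not part of the original report and not Wireshark code), the Python below scans a PDML export for S1AP IEs whose id the dissector reported as Unknown and splits the raw bytes into id, criticality and value, following the byte layout visible in the dump above. The function names and the wrapping `<proto>` root are assumptions; the sample input is the fragment from the report.

```python
import xml.etree.ElementTree as ET

CRITICALITY = {0: "reject", 1: "ignore", 2: "notify"}  # S1AP Criticality enum

# Constructed input: the PDML fragment from the report inside an assumed <proto> root.
SAMPLE_PDML = """<proto name="s1ap">
<field name="" show="Item 7: unknown (195)" size="5" pos="294" value="00c3400164">
 <field name="s1ap.ProtocolIE_Field_element" showname="ProtocolIE-Field" size="5" pos="294" show="" value="">
  <field name="s1ap.id" showname="id: Unknown (195)" size="2" pos="294" show="195" value="00c3"/>
  <field name="s1ap.criticality" showname="criticality: ignore (1)" size="1" pos="296" show="1" value="40"/>
  <field name="per.open_type_length" showname="Open Type Length: 1" hide="yes" size="1" pos="297" show="1" value="01"/>
  <field name="s1ap.value_element" showname="value" size="1" pos="298" show="" value=""/>
 </field>
</field>
</proto>"""

ID_PATH = "field[@name='s1ap.ProtocolIE_Field_element']/field[@name='s1ap.id']"

def decode_ie(raw: bytes) -> dict:
    """Split one aligned-PER ProtocolIE-Field into id, criticality and value bytes."""
    if len(raw) < 4:
        raise ValueError("truncated ProtocolIE-Field")
    ie_id = int.from_bytes(raw[0:2], "big")   # 16-bit ProtocolIE-ID
    crit = raw[2] >> 6                        # top two bits; the rest is alignment padding
    length, off = raw[3], 4                   # open type length, one-octet form
    if length & 0x80:                         # two-octet form: 10xxxxxx xxxxxxxx
        if length & 0x40 or len(raw) < 5:
            raise ValueError("fragmented or truncated length")
        length, off = ((length & 0x3F) << 8) | raw[4], 5
    value = raw[off:off + length]
    if len(value) != length:
        raise ValueError("value shorter than open type length")
    return {"id": ie_id, "criticality": CRITICALITY.get(crit, "invalid"),
            "value": value.hex()}

def undecoded_ies(pdml: str) -> list:
    """Decode every IE item whose s1ap.id the dissector labelled Unknown."""
    found = []
    for item in ET.fromstring(pdml).iter("field"):
        ie_id = item.find(ID_PATH)
        if ie_id is not None and "Unknown" in ie_id.get("showname", "") and item.get("value"):
            found.append(decode_ie(bytes.fromhex(item.get("value"))))
    return found

if __name__ == "__main__":
    for ie in undecoded_ies(SAMPLE_PDML):
        print(ie)
```

The list it returns gives the IE ids that the installed S1AP dissector does not know, together with the undecoded value bytes for each.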