Wireshark-dev: Re: [Wireshark-dev] V5.2 and PRI protocols

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 15 Jul 2008 10:44:33 -0700

On Jul 15, 2008, at 6:55 AM, Mahdi M. Hossaini wrote:

> There are two important protocols in PSTN networks which are not supported in Wireshark.
> They are:
>
>                         V5.2
>                         ISDN-PRI (DSS1)
>
> These protocols are used on TDM (T1/E1) links as for MTP and ISUP.

(By "as for MTP and ISUP" do you mean that MTP is also used on T1/E1 links?)

> What is the reason for this weakness in Wireshark

As Luis indicated, the reason why Wireshark doesn't support V5.2 is that nobody's contributed any code to us to support V5.2.

When you say "DSS1", to which protocols are you referring? As Luis indicated, we *do* support Q.931 and LAPD.

There's the additional question of being able to *capture* that traffic with Wireshark, as opposed to being able to read capture files from other software. To capture on T1/E1 links, you'd need a device such as an Endace DAG card:

	http://www.endace.com/our-products/dag-network-monitoring-cards/pdh-tdm

and OS and libpcap/WinPcap support for those cards. Libpcap on Linux and FreeBSD can be built with support for DAG cards; I think there might be WinPcap support as well. However, we currently don't support *capturing* LAPD with Endace cards (in theory, all that's required would be to add support for DLT_LAPD in the code that reads libpcap files).

> and what must we do to support them in Wireshark?

Dissecting, or capturing?

For dissecting, you'd need to add support for reading some type of capture file that contains that traffic, as well as adding dissectors for V5.2 protocols and any ISDN PRI protocols that we don't already dissect.

For capturing, you'd need to add that, as well as whatever support is needed to handle the Endace cards.