Wireshark-dev: Re: [Wireshark-dev] VoIP call analysis

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Thu, 27 Nov 2008 05:47:57 +0100
On Wed, Nov 26, 2008 at 9:52 PM, Michael Lum
<michael.lum@xxxxxxxxxxxxxxxxx> wrote:
>
> Hi Luis, thanks for responding,
>
You're welcome.

>
> I wasn't expecting any tie in between the A-interface (Iu-CS)
> signaling and MAP/TCAP.

Just as an example, a Location-Update flows from a BSC to the HLR.

RAN -(RANAP/BSSAP)-> MSC -(MAP/TCAP)-> VLR -(MAP/TCAP)-> HLR

A similar thing happens to SMSs:
RAN -(RANAP/BSSAP)-> MSC -(MAP/TCAP)-> SMS-C ...

> I don't think I'm explaining myself properly.
>
> I'm only expecting to see the signaling and call state of the one leg.
>
> I'm trying to figure out if I should add more functionality here.
>
> The current code (as of 1.0.4) shows Location Updates as VoIP calls.
> Was this intended?
>
> Was the SCCP associations code written for VoIP calls?
>

No, the code was originally written to overcome the lack of good
heuristics to discover BSSAP and RANAP. In Connection Oriented service
the SSN is to be found only in the CR message, so only the Setup
message was decoded "deterministically". I wrote the code to tie
together a connection so that other messages in the connection were
always decoded by the proper dissector. I wrongly named the
connection "association", because that is how "this information" is
called in the configuration of the nodes.

Later I used this information to collect information about the call to
be shown by the dissector. A colleague pointed out to me that it would be
nice to have flow-graphs for these, and since that job was already
there I just mapped it into the VoIP calls dialog.

SCCP (RANAP/BSSAP), ALCAP and GCP work differently than other
protocols do in the VoIP-Calls dialog because I re-used information
already collected by procedures in the dissectors that had already
done most of the job. That's why RANAP and BSSAP add their information
to the connection data (assoc) in the dissector and pass to the
VoIP-Calls facility info about the whole connection via the tap
instead of just for the current message like other protocols do.

\Lego
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
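
The connection tracking described in the message above, as an added sketch that is not part of the original post and is not Wireshark's dissector code: the SSN seen in the CR is remembered per connection and looked up by local reference for every later message. `Msg`, `ConnTracker`, `run_trace` and the point codes are hypothetical, and the messages are constructed and already parsed rather than raw SCCP bytes.

```python
from dataclasses import dataclass
from typing import Optional

SSN_DISSECTOR = {142: "RANAP", 254: "BSSAP"}  # standard SSN assignments

@dataclass
class Msg:                      # hypothetical, already-parsed SCCP message
    kind: str                   # "CR", "CC", "DT1", "RLSD" or "RLC"
    opc: int                    # MTP3 originating point code
    dpc: int                    # MTP3 destination point code
    slr: Optional[int] = None   # source local reference
    dlr: Optional[int] = None   # destination local reference
    ssn: Optional[int] = None   # called-party SSN, carried by CR only

class ConnTracker:
    def __init__(self):
        # (node that allocated the reference, local reference) -> connection state
        self.by_ref = {}

    def dissector_for(self, m: Msg) -> str:
        if m.kind == "CR":      # only message that names the subsystem
            assoc = {"ssn": m.ssn, "msgs": []}
            self.by_ref[(m.opc, m.slr)] = assoc
        else:
            # DLR was allocated by the receiver, so key on the destination node
            assoc = self.by_ref.get((m.dpc, m.dlr))
            if assoc is None:
                return "data"   # CR not in the capture: payload type unknown
            if m.kind == "CC":  # learn the answering side's reference
                self.by_ref[(m.opc, m.slr)] = assoc
        assoc["msgs"].append(m.kind)
        if m.kind == "RLC":     # release complete: forget both references
            self.by_ref = {k: v for k, v in self.by_ref.items() if v is not assoc}
        return SSN_DISSECTOR.get(assoc["ssn"], "data")

def run_trace():
    bsc, msc = 10, 20           # constructed point codes
    trace = [                   # constructed capture, one BSSAP connection
        Msg("CR", bsc, msc, slr=0x111, ssn=254),
        Msg("CC", msc, bsc, slr=0x222, dlr=0x111),
        Msg("DT1", bsc, msc, dlr=0x222),
        Msg("DT1", msc, bsc, dlr=0x111),
        Msg("DT1", bsc, msc, dlr=0x999),            # CR was never captured
        Msg("RLSD", msc, bsc, slr=0x222, dlr=0x111),
        Msg("RLC", bsc, msc, slr=0x111, dlr=0x222),
        Msg("DT1", msc, bsc, dlr=0x111),            # stale reference after release
    ]
    tracker = ConnTracker()
    return [tracker.dissector_for(m) for m in trace]
```

The per-connection `msgs` list stands in for the connection data that the message says is handed to the VoIP-Calls tap as a whole.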