Hello,
Wireshark manage only one version of the GSM MAP, this
version is defined within the ASN files in the gsm map
sources.
In the current application, one of the latest GSM MAP ASN
definition is used, and additional messages related to previous version have
been included.
This means, for a given application context, only one version of the MAP protocol is implemented.
So,
you can not ask to decode a message with 3GPP TS 29.002 :v5.10.0 or 3GPP TS 29.002
:v6.8.0.
For
your second question, you can have several equipment (so different Point Code)
using the same TCAP transaction ID, so if you don't check the PC, you will mix
several session.
For
frame 2, I need to check with the ASN1 definition of the message to know if
this is a bad decoding.
Regards
Florent
Hi List, Good Evening. I have a problem with GSM MAP
Decoding.So according to the implimentaion map rel version
should be determined dynamically based on application context. I
undesrstand it this way.Application conext is used if its recieved by
traffic. if its recived and the call alreday exist than we may fall
back with mismatch. My question is How do i know which version of GSM
map wireshark uses internally for a specific message.(Well need to
debug is there any other way). There seem to be no version checking
except some checking with application context value 1,2 and 3.Wireshark
checks only application_context_version ==3 nd in some cases <3 .I m
intrested to know is it only handled this way or some other way out. I
Know that the following version release are possible in case of GSM
MAP.
GSM 09.02 Ph 1 :v3.11.0 GSM 09.02 Ph 2 :v4.19.1 3GPP TS 29.002
:v3.12.0 3GPP TS 29.002 :v4.13.0 3GPP TS 29.002 :v5.7.0 3GPP TS
29.002 :v5.10.0 3GPP TS 29.002 :v6.8.0 3GPP TS 29.002
:v6.14.0 3GPP TS 29.002 :v7.8.0
Which version wireshark currently supports. I see only the
following from sources: ETSI TS 129 002 ETSI TS 129 002 V7.5.0 (3GPP
TS 29.002 V7.5.0 (2006-09) Release 7) ETSI TS 129 002 V8.4.0 (3GPP TS
29.002 V8.1.0 (2007-06) Release 8) 3GPP TS 24.080
secondly i saw from sources that it is using MTP3 PC to match a
call.I understand it this way when we have a message,we check for
OID(Source/destnination).continue can have both while begin has source
and abort/end have destination.so comparing previously recived message
with recently recived message we can find the matching call but i m
wondering why MTP3 PC is used.
I have attached a smaple trace where frame 1 and 3 belong to same
transaction. frame 1 is begin and frame 3 is end.begin message at frame
1 source transaction id C746F173 is same as end messae at frame 3(dest
trans id C746F173).both have application-context-name: 0.4.0.0.1.0.24.2
(mwdMngtContext-v2). so in this case v2 is used.if with end message
there would not have been any application-context-name than it would
have used begin's Application context name. on the other hand in frame
2 it gives some decoding error.is it the case that wireshark has a bug
or some thing else.
Any help/pointer on this would help me really to understand the
transaction management in TCAP.
Br tulip
|
Add more friends to your messenger and enjoy!
Invite
them now.