Wireshark-dev: Re: [Wireshark-dev] Wireshark-dev Digest, Vol 32, Issue 9

From: tulip neo <neo.tulip@xxxxxxxxx>
Date: Wed, 7 Jan 2009 21:52:42 -0800 (PST)


--- On Wed, 7/1/09, wireshark-dev-request@xxxxxxxxxxxxx <wireshark-dev-request@xxxxxxxxxxxxx> wrote:
From: wireshark-dev-request@xxxxxxxxxxxxx <wireshark-dev-request@xxxxxxxxxxxxx>
Subject: Wireshark-dev Digest, Vol 32, Issue 9
To: wireshark-dev@xxxxxxxxxxxxx
Date: Wednesday, 7 January, 2009, 8:00 PM

Today's Topics:

   1. bug within documentation ? (Toralf Förster)
   2. Re: Package issue under Windows XP (Pascal Quantin)
   3. Re: Help on understanding Application context in TCAP to be
      used by GSM MAP (DROUIN FLORENT)


----------------------------------------------------------------------

Message: 1
Date: Wed, 7 Jan 2009 11:17:29 +0100
From: Toralf Förster <toralf.foerster@xxxxxx>
Subject: [Wireshark-dev] bug within documentation ?
To: wireshark-dev@xxxxxxxxxxxxx
Message-ID: <200901071117.33031.toralf.foerster@xxxxxx>
Content-Type: text/plain; charset="iso-8859-15"

Hello,

trying to follow the dev guide there seems to be a mistake within 
wsdg_html_chunked/ChDissectAdd.html :

Instead of
	void dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);

it should be:
	static
	void dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);

isn't it ?

-- 
MfG/Sincerely

Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url :
http://www.wireshark.org/lists/wireshark-dev/attachments/20090107/ff98bd15/attachment.pgp


------------------------------

Message: 2
Date: Wed, 7 Jan 2009 17:07:34 +0100
From: "Pascal Quantin" <pascal.quantin@xxxxxxxxx>
Subject: Re: [Wireshark-dev] Package issue under Windows XP
To: yunjnz@xxxxxxxxx, 	"Developer support list for Wireshark"
	<wireshark-dev@xxxxxxxxxxxxx>
Message-ID:
	<3fea00170901070807w3579e444h1e5ca6cee3ab1c4c@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Hi,

I submitted a patch to Gerald allowing to build 1.0.X branch with
VS2008 and VS2008EE. Wait for its delivery or switch to trunk in the
meantime.

Regards,
Pascal.

2009/1/7 Sean <yunjnz@xxxxxxxxx>:
> After modifying from VS2008 PE to EE, the installer still doesn't work.
> Can anyone help me on this issue?
> Thanks a lot.
>
>
> --- On Tue, 1/6/09, Anders Broman <a.broman@xxxxxxxxx> wrote:
>
>> From: Anders Broman <a.broman@xxxxxxxxx>
>> Subject: SV: [Wireshark-dev] Package issue under Windows XP
>> To: yunjnz@xxxxxxxxx, "'Developer support list for Wireshark'" <wireshark-dev@xxxxxxxxxxxxx>
>> Date: Tuesday, January 6, 2009, 8:34 PM
>> Hi,
>> I think changes were made to make WS compile with VS2008/VS2008EE after
>> branching of the 1.0.x branch. You are better off using trunk with VS2008.
>>
>> Regards
>> Anders
>>
>> -----Original message-----
>> From: wireshark-dev-bounces@xxxxxxxxxxxxx
>> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On behalf of Sean
>> Sent: 5 January 2009 05:36
>> To: Developer support list for Wireshark; Gerald Combs
>> Subject: Re: [Wireshark-dev] Package issue under Windows XP
>>
>>
>>
>>
>> --- On Mon, 1/5/09, Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:
>>
>> > From: Gerald Combs <gerald@xxxxxxxxxxxxx>
>> > Subject: Re: [Wireshark-dev] Package issue under Windows XP
>> > To: yunjnz@xxxxxxxxx, "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
>> > Date: Monday, January 5, 2009, 10:54 AM
>> > Sean wrote:
>> > > Greetings,
>> > >
>> > > I'm using source code of 1.0.4 to build package under windows XP,
>> > > the compiler is Microsoft Visual Studio 2008 Professional Edition,
>> > > the config.nmake is configured to MSVC_VARIANT=MSVC2008EE,
>> > > after compilation, the package is created successfully,
>> > > but after installing on windows XP,
>> > > the wireshark can't run successfully,
>> > > following is the message:
>> > >
>> > > The application failed to initialize properly(0xc0000142). Click on OK to terminate the application.
>> >
>> > If you have Visual Studio 2008 Professional Edition, you should set
>> > MSVC_VARIANT to MSVC2008 instead of MSVC2008EE (which is for the Express
>> > Edition). One of the key differences between the Express Editions of
>> > Visual Studio (and the reason we have different variant definitions) is
>> > that they don't come with package-able versions of the C and C++
>> > runtimes, while the "full frontal" editions do.
>> >
>> > Setting the variant to MSVC2008EE (or MSVC2005EE) means that the
>> > installer you create won't come with the C runtime, and assumes that
>> > you'll have Microsoft Visual C++ 2008 SP1 Redistributable Package
>> > installed on the target machine.
>>
>> But it seems that the version 1.0.4 can't recognize MSVC2008 in config.nmake,
>> how can I modify the config.nmake?
>> should I modify other files for using MSVC 2008 professional instead of MSVC 2008 EE?
>> Thank you very much.
>>
>>
>>
>>
___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list
>> <wireshark-dev@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe:
>> https://wireshark.org/mailman/options/wireshark-dev
>>
>> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>


------------------------------

Message: 3
Date: Wed, 7 Jan 2009 18:25:44 +0100
From: "DROUIN FLORENT" <Florent.Drouin@xxxxxxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Help on understanding Application context
	in TCAP to be used by GSM MAP
To: "Developer support list for Wireshark"
	<wireshark-dev@xxxxxxxxxxxxx>
Message-ID:
	<D4A66445BD33384B8F5C4DF5EB4CCE6201EA56A8@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
	
Content-Type: text/plain; charset="iso-8859-1"
Hi Florent,
Good Morning. Thanks for the reply. I'm a bit confused. Here is
my understanding. First, MAP version is determined by
Application context. So which versions are possible?
Depending upon the application context the version can be
anything as given below:
GSM 09.02 Ph 1 :v3.11.0
GSM 09.02 Ph 2 :v4.19.1
3GPP TS 29.002 :v3.12.0
3GPP TS 29.002 :v4.13.0
3GPP TS 29.002 :v5.7.0
3GPP TS 29.002 :v5.10.0
3GPP TS 29.002 :v6.8.0
3GPP TS 29.002 :v6.14.0
3GPP TS 29.002 :v7.8.0
Am I right in my understanding, or am I misleading at this point?
If I'm misleading, then which versions are possible?
For a given application context, only one version of the MAP
protocol is implemented, that's true, but for different application
contexts we can have different MAP versions as stated above.
Do we have any mapping from Application context to MAP version?
Like if application context is 0, what is the MAP version used?
Like if application context is 1, what is the MAP version used?
....
Like if application context is 5, what is the MAP version used? And so on.
Yes, about the PC use, now I got a clear idea. Thanks for that.
So with Dest TID and Orig TransID we need to also compare PCs to
find the exact session.
However, for your information, Frame 3 contains data from real
traffic, so we cannot assume messed up data.
Once again, thanks for your valuable time to help me to understand the things.
:)
Br
Tulip

    Hello,
 
Wireshark manages only one version of the GSM MAP; this version is defined
within the ASN files in the gsm map sources.
In the current application, one of the latest GSM MAP ASN definitions is used,
and additional messages related to previous version have been included.
This means, for a given application context, only one version of the MAP
protocol is implemented.
So, you cannot ask to decode a message with 3GPP TS 29.002 :v5.10.0 or 3GPP TS
29.002 :v6.8.0.

For your second question, you can have several pieces of equipment (so different Point
Codes) using the same TCAP transaction ID, so if you don't check the PC, you
will mix several sessions.

For frame 2, I need to check with the ASN1 definition of the message to know if
this is a bad decoding.
 
Regards
Florent
________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On behalf of tulip neo
Sent: Wednesday, 7 January 2009 15:31
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Help on understanding Application context in TCAP to be
used by GSM MAP


Hi List,
Good Evening.
I have a problem with GSM MAP decoding. So according to the implementation, MAP
rel version should be determined dynamically based on application context.
I understand it this way: Application context is used if it's received by
traffic.
If it's received and the call already exists, then we may fall back with mismatch.
My question is: how do I know which version of GSM MAP Wireshark uses
internally for a specific message? (Well, need to debug; is there any other way?)
There seems to be no version checking except some checking with application
context value 1, 2
and 3. Wireshark checks only application_context_version ==3 and in some cases
<3. I'm interested to know, is it only handled this way or some other way out?
I know that the following version releases are possible in case of GSM MAP.
GSM 09.02 Ph 1 :v3.11.0
GSM 09.02 Ph 2 :v4.19.1
3GPP TS 29.002 :v3.12.0
3GPP TS 29.002 :v4.13.0
3GPP TS 29.002 :v5.7.0
3GPP TS 29.002 :v5.10.0
3GPP TS 29.002 :v6.8.0
3GPP TS 29.002 :v6.14.0
3GPP TS 29.002 :v7.8.0
Which version does Wireshark currently support?
I see only the following from sources:
ETSI TS 129 002
ETSI TS 129 002 V7.5.0 (3GPP TS 29.002 V7.5.0 (2006-09) Release 7)
ETSI TS 129 002 V8.4.0 (3GPP TS 29.002 V8.1.0 (2007-06) Release 8)
3GPP TS 24.080
Secondly, I saw from sources that it is using MTP3 PC to match a call. I
understand it this way: when we have a message, we check for
OID (Source/destination). Continue can have both, while begin has source
and abort/end have destination. So comparing a previously received message
with a recently received message we can find the matching
call, but I'm wondering why MTP3 PC is used.
I have attached a sample trace where frame 1 and 3 belong to the same transaction.
Frame 1 is begin and frame 3 is end. The begin message at frame 1 source transaction
id C746F173 is the same as the end message at frame 3 (dest trans id C746F173). Both have
application-context-name: 0.4.0.0.1.0.24.2 (mwdMngtContext-v2).
So in this case v2 is used. If with the end message there would not have been any
application-context-name, then it would have used begin's Application
context name.
On the other hand, in frame 2 it gives some decoding error. Is it the case that
Wireshark has a bug, or something else?
Any help/pointer on this would help me really to understand the transaction
management in TCAP.
Br
tulip
 


-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-dev/attachments/20090107/40a3baf9/attachment.htm
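
The point made in Message 3 about checking point codes, as an added example (not Wireshark's code and not from any poster in this thread): a small TCAP session tracker in C where matching on transaction ID alone attaches an End to the wrong Begin. The point codes 100, 200 and 300 and all type and function names are assumptions; only the transaction ID C746F173 comes from the message above.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed illustration; not Wireshark's TCAP code.
 * opc/dpc: MTP3 point codes; tid: otid in a Begin, dtid in an End. */
enum tcap_type { TCAP_BEGIN, TCAP_END };
struct tcap_msg { enum tcap_type type; uint32_t opc, dpc, tid; };
struct session { uint32_t tid, owner_pc, peer_pc; int open; };

#define MAX_SESSIONS 16
static struct session table[MAX_SESSIONS];
static size_t n_sessions;

/* Returns the session index a message belongs to, or -1 if none.
 * use_pc = 0 matches on transaction ID only; use_pc = 1 also checks PCs. */
int track(const struct tcap_msg *m, int use_pc)
{
    if (m->type == TCAP_BEGIN) {
        if (n_sessions == MAX_SESSIONS) return -1;
        table[n_sessions] = (struct session){ m->tid, m->opc, m->dpc, 1 };
        return (int)n_sessions++;
    }
    /* An End carries the TID chosen by the Begin sender, so it must be
     * addressed to that node (DPC) and come from its peer (OPC). */
    for (size_t i = 0; i < n_sessions; i++) {
        struct session *s = &table[i];
        if (!s->open || s->tid != m->tid) continue;
        if (use_pc && (s->owner_pc != m->dpc || s->peer_pc != m->opc)) continue;
        s->open = 0;
        return (int)i;
    }
    return -1;
}

/* Two nodes (PC 100, PC 200) reuse one TID towards PC 300; the End is for PC 200. */
int demo(int use_pc)
{
    const struct tcap_msg trace[] = {        /* constructed sample trace */
        { TCAP_BEGIN, 100, 300, 0xC746F173 },  /* session 0 */
        { TCAP_BEGIN, 200, 300, 0xC746F173 },  /* session 1 */
        { TCAP_END,   300, 200, 0xC746F173 },
    };
    int last = -1;
    n_sessions = 0;
    for (size_t i = 0; i < 3; i++) last = track(&trace[i], use_pc);
    return last;
}
int main(void) { printf("TID only: %d, TID+PC: %d\n", demo(0), demo(1)); return 0; }
```

With TID-only matching the End closes session 0, which belongs to PC 100; with the point-code check it closes session 1, the one PC 200 opened.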


------------------------------

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev


End of Wireshark-dev Digest, Vol 32, Issue 9
********************************************