Wireshark-dev: [Wireshark-dev] IMSI Dissection API?

From: Tyson Key <tyson.key@xxxxxxxxx>
Date: Thu, 6 Jan 2011 14:59:14 +0000
Hi,

I'm currently working on enhancing an *external dissector for Nokia's Intelligent Service Interface protocol.

So far, pretty much everything seems to work nicely, although I'm struggling to find the best way to dissect the IMSI strings in certain packets produced by the SIM resource, such as this one (starts after the Service Type byte):

No.     Time        Source                Destination           Protocol Resource   Info
   436 36.824462   Modem                 Unknown               ISI      SIM        Read IMSI Response

Frame 436: 37 bytes on wire (296 bits), 37 bytes captured (296 bits)
Linux cooked capture
Intelligent Service Interface
   Receiver Device: Unknown (0x10)
   Sender Device: Modem (0x00)
   Resource: SIM (0x09)
   Length: 15
   Receiver Object: 0x42
   Sender Object: 0x34
   Packet ID: 8
   Payload
       Message ID: SIM_IMSI_RESP_READ_IMSI (0x1e)
       Service Type: READ_IMSI (0x2d)

0000  00 00 03 34 00 01 1b 1c df 82 91 45 00 00 00 f5   ...4.......E....
0010  10 00 09 00 0f 42 34 08 1e 2d 01 08 29 43 01 70   .....B4..-..)C.p
0020  33 65 49 32 fc                                    3eI2.

I've tried to import the epan/dissectors/packet-gsm_map.h header in order to use the dissect_gsm_map_IMSI() method, although my code doesn't even compile afterwards - it bails out with a stream of errors such as:

[CC] src/isi-sim.c
In file included from src/isi-sim.c:27:
packet-gsm_map-template.h:54: error: expected ‘;’, ‘,’ or ‘)’ before ‘_U_’
packet-gsm_map-template.h:55: error: expected ‘;’, ‘,’ or ‘)’ before ‘_U_’
In file included from src/isi-sim.c:27:
packet-gsm_map-exp.h:4: error: expected ‘;’, ‘,’ or ‘)’ before ‘_U_’
In file included from src/isi-sim.c:27:
packet-gsm_map-exp.h:8: error: expected ‘;’, ‘,’ or ‘)’ before ‘_U_’
packet-gsm_map-exp.h:14: error: expected ‘;’, ‘,’ or ‘)’ before ‘_U_’
packet-gsm_map-exp.h:15: error: expected ‘;’, ‘,’ or ‘)’ before ‘_U_’
packet-gsm_map-exp.h:16: error: expected ‘;’, ‘,’ or ‘)’ before ‘_U_’
packet-gsm_map-exp.h:17: error: expected ‘;’, ‘,’ or ‘)’ before ‘_U_’
packet-gsm_map-exp.h:18: error: expected ‘;’, ‘,’ or ‘)’ before ‘_U_’

[Stream of messages continues to line 102 of that file]

I'm currently using Wireshark 1.5.0-SVN-35030 under Fedora 12, although I plan to update this machine to a newer SVN revision soon.

* https://bitbucket.org/vmlemon/usb_isi_dissector_for_wireshark/

Thanks,
Tyson.

--
                                          Fight Internet Censorship! http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844
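
Added example, not part of the original post or of the dissector it describes: a standalone, bounds-checked decoder for a packed-BCD IMSI field that avoids pulling in the GSM MAP headers. It assumes the ISI payload carries the IMSI in the standard SIM EF_IMSI coding (a length byte followed by packed BCD digits), which the post does not confirm; `decode_imsi` and `sample_imsi` are hypothetical names, and the sample bytes are constructed rather than taken from the capture above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (SIM EF_IMSI coding, not confirmed for ISI by the post):
 * buf[0] = number of IMSI bytes that follow (1..8); buf[1] = digit 1 in the
 * high nibble, identity type 001 plus odd/even flag in the low nibble; then
 * two digits per byte, low nibble first, 0xF filling an unused last nibble. */
#define IMSI_MAX_DIGITS 15

/* Constructed sample: test-network IMSI 001010123456789, not a capture. */
static const uint8_t sample_imsi[] = {0x08, 0x09, 0x10, 0x10, 0x10, 0x32, 0x54, 0x76, 0x98};

/* Returns the digit count, or -1 if the field is truncated or malformed. */
int decode_imsi(const uint8_t *buf, size_t len, char *out, size_t out_sz)
{
    if (!buf || !out || len < 2 || out_sz < IMSI_MAX_DIGITS + 1) return -1;
    size_t n = buf[0];
    if (n < 1 || n > 8 || n > len - 1) return -1;  /* never trust the length byte */
    if ((buf[1] & 0x07) != 0x01) return -1;        /* identity type must be IMSI */
    int odd = (buf[1] >> 3) & 1, count = 0;
    if ((buf[1] >> 4) > 9) return -1;
    out[count++] = (char)('0' + (buf[1] >> 4));
    for (size_t i = 2; i <= n; i++) {
        uint8_t lo = buf[i] & 0x0F, hi = buf[i] >> 4;
        if (lo > 9) return -1;
        out[count++] = (char)('0' + lo);
        if (i == n && !odd) {                      /* even count: last nibble is filler */
            if (hi != 0x0F) return -1;
            break;
        }
        if (hi > 9) return -1;
        out[count++] = (char)('0' + hi);
    }
    out[count] = '\0';
    return ((count & 1) == odd) ? count : -1;      /* parity flag must match */
}

int main(void)
{
    char digits[IMSI_MAX_DIGITS + 1];
    int n = decode_imsi(sample_imsi, sizeof sample_imsi, digits, sizeof digits);
    printf("%d digits: %s\n", n, n > 0 ? digits : "(malformed)");
    return n > 0 ? 0 : 1;
}
```

In a dissector, the caller would first check that the remaining captured length covers the field, then pass the bytes starting at the length byte and add the returned string to the protocol tree.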