Wireshark-dev: Re: [Wireshark-dev] ASN1 deode issue in H248 message

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Anders Broman <a.broman@xxxxxxxxxxxx>
Date: Mon, 13 Feb 2012 22:26:14 +0100
Alex Lindberg skrev 2012-02-13 21:49:
When decoding an H248 ANS1 V1 message, the following TVB is presented to dissect_h248_sequence function (epan/dissectors/packet-ber.c)

30 06 80 02 00 02 81 00

which is interpreted as:

        00.. .... = Class: UNIVERSAL (0)
        ..1. .... = P/C: Constructed Encoding
        ...1 0000 = Tag: SEQUENCE (16)
        Length: 6
        10.. .... = Class: CONTEXT (2)
        ..0. .... = P/C: Primitive Encoding
        ...0 0000 = Tag: 0
        Length: 2
        eventParamterName: 0002
        10.. .... = Class: CONTEXT (2)
        ..0. .... = P/C: Primitive Encoding
        ...0 0001 = Tag: 1
        Length: 0
        value:

The issue is that the 2nd value of the sequence in this case is a Boolean value but the decode shows a length of zero instead. 

Is there a way round this issue?
I think you need to add code to one of the h248 package sub dissectors that deals with this event or
add a new sub dissector if non exists for the package in question.
Regards
Anders

Thanks as always.
Alex Lindberg

 


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe