Wireshark-dev: Re: [Wireshark-dev] Decode MTP3 message

From: Anya Verizi <anya_verizi@xxxxxxxxxxx>
Date: Fri, 24 Feb 2012 14:10:35 +0100
I have to decode this sequence 02 00 10 c0 00 19 81 0f 0f 00 2c 01 01 11 02 16 00 00 but when I put it in txt and run as pcap I got this

Frame 1 (23 bytes on wire, 23 bytes captured)
    Arrival Time: Feb 24, 2012 13:38:09.000000000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 23 bytes
    Capture Length: 23 bytes
    [Frame is marked: False]
    [Protocols in frame: mtp3:isup]
Message Transfer Part Level 3
    Service information octet
        00.. .... = Network indicator: International network (0x00)
        ..00 .... = Spare: 0x00
        .... 0101 = Service indicator: ISUP (0x05)
    Routing label
        .... .... .... .... ..00 0000 0000 0000 = DPC: 0
        .... 0000 0000 0000 00.. .... .... .... = OPC: 0
        0000 .... .... .... .... .... .... .... = Signalling Link Selector: 0
ISDN User Part
    CIC: 2
    Message type: Release complete (16)
    Pointer to start of optional part: 192
[Malformed Packet: ISUP]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Message: Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]

0000  05 00 00 00 00 02 00 10 c0 00 19 81 0f 0f 00 2c   ...............,
0010  01 01 11 02 16 00 00                              .......



> Date: Fri, 24 Feb 2012 13:51:42 +0100
> From: lists@xxxxxxxxx
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: Re: [Wireshark-dev] Decode MTP3 message
>
> Thus wrote Anya Verizi (anya_verizi@xxxxxxxxxxx):
>
> > Can anyone know how I can decode MTP3 message? For example I put code
> > in txt file and then to pcap (text2pcap -l 141 file.txt file.pcap
> > ), but when I open it in wireshark I got malformed packet:ISUP? Do I
> > )must put some in txt file before?
>
> in the input file for text2pcap, each line must start with an offset
> e.g. if your packet contains 0x1 0x2, the input line for text2pcap should be
>
> 000000 0x01 0x02
>
> can you run tshark -r <your pcap file> -V -x and post the output for one
> malformed packet?
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe