Wireshark-dev: Re: [Wireshark-dev] Decode MTP3 message

From: Martin Kaiser <lists@xxxxxxxxx>
Date: Fri, 24 Feb 2012 15:01:08 +0100

Thus wrote Anya Verizi (anya_verizi@xxxxxxxxxxx):

> I have to decode this sequence 02 00 10 c0 00 19 81 0f 0f 00 2c 01 01 11 02 16 00 00, but when I put it in a txt file and run it as pcap I get this:

> Frame 1 (23 bytes on wire, 23 bytes captured)
>     Arrival Time: Feb 24, 2012 13:38:09.000000000
>     [Time delta from previous captured frame: 0.000000000 seconds]
>     [Time delta from previous displayed frame: 0.000000000 seconds]
>     [Time since reference or first frame: 0.000000000 seconds]
>     Frame Number: 1
>     Frame Length: 23 bytes
>     Capture Length: 23 bytes
>     [Frame is marked: False]
>     [Protocols in frame: mtp3:isup]
> Message Transfer Part Level 3
>     Service information octet
>         00.. .... = Network indicator: International network (0x00)
>         ..00 .... = Spare: 0x00
>         .... 0101 = Service indicator: ISUP (0x05)
>     Routing label
>         .... .... .... .... ..00 0000 0000 0000 = DPC: 0
>         .... 0000 0000 0000 00.. .... .... .... = OPC: 0
>         0000 .... .... .... .... .... .... .... = Signalling Link Selector: 0
> ISDN User Part
>     CIC: 2
>     Message type: Release complete (16)
>     Pointer to start of optional part: 192
> [Malformed Packet: ISUP]
>     [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
>         [Message: Malformed Packet (Exception occurred)]
>         [Severity level: Error]
>         [Group: Malformed]

> 0000  05 00 00 00 00 02 00 10 c0 00 19 81 0f 0f 00 2c   ...............,
> 0010  01 01 11 02 16 00 00                              .......

I tried your sequence

[martin@homePc]$ cat a.t2p 

000000   02 00 10 c0 00 19 81 0f 0f 00 2c 01 01 11 02 16 00 00

[martin@homePc]$ ./text2pcap -l 141 !$ a.pcap

[martin@homePc ]$ ./tshark -r a.pcap -V -x

Frame 1: 18 bytes on wire (144 bits), 18 bytes captured (144 bits) on interface 0
    Interface id: 0
    Arrival Time: Feb 24, 2012 14:57:52.000000000 CET
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1330091872.000000000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 18 bytes (144 bits)
    Capture Length: 18 bytes (144 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: mtp3:mtp3mg]
Message Transfer Part Level 3
    Service information octet
        00.. .... = Network indicator: International network (0x00)
        ..00 .... = Spare: 0x00
        .... 0010 = Service indicator: Maintenance Special Message (MTNS) (0x02)
    Routing label
        .... .... .... .... ..01 0000 0000 0000 = DPC: 4096
            Signalling Area Network Code (SANC): Liechtenstein (Principality of) (2-000)
            Unique Signalling Point Name: LTN ISC Vaduz
            Signalling Point Operator Name: LTN Liechtenstein TeleNet AG
        .... 0000 1100 0000 00.. .... .... .... = OPC: 768
            Signalling Area Network Code (SANC): Unknown (0-096)
            Unique Signalling Point Name: Unknown
            Signalling Point Operator Name: Unknown
        0000 .... .... .... .... .... .... .... = Signalling Link Selector: 0
Message Transfer Part Level 3 Management
    .... 1001 = H0 (Message Group): Unknown (0x09)
    Unknown message (13 bytes)

0000  02 00 10 c0 00 19 81 0f 0f 00 2c 01 01 11 02 16   ..........,.....
0010  00 00                                             ..


Your problem is the leading 05 00 00 00 00 bytes.
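
The two decodes in this thread can be reproduced by hand. The following is an added example, not part of the original message or of Wireshark's code: a minimal ITU-style MTP3 header decode (14-bit point codes) run over the 18-byte sequence and over the same sequence with the five leading bytes. The function names and the two-entry service indicator table are assumptions made for illustration.

```python
# Added example: decode the MTP3 service information octet and routing label
# for the two byte strings shown in the thread (ITU layout, 14-bit point codes).

# Only the two service indicator values that appear in the thread's output.
SERVICE_INDICATORS = {0x02: "MTNS", 0x05: "ISUP"}

# Byte strings copied from the thread.
ORIGINAL = bytes.fromhex("02 00 10 c0 00 19 81 0f 0f 00 2c 01 01 11 02 16 00 00")
WITH_PREFIX = bytes.fromhex("05 00 00 00 00") + ORIGINAL


def decode_mtp3(data):
    """Return the SIO and routing label fields plus the remaining payload."""
    if len(data) < 5:
        raise ValueError("need SIO (1 byte) + routing label (4 bytes)")
    sio = data[0]
    # The routing label is a 32-bit little-endian value:
    # bits 0-13 DPC, bits 14-27 OPC, bits 28-31 SLS.
    label = int.from_bytes(data[1:5], "little")
    si = sio & 0x0F
    return {
        "ni": sio >> 6,
        "si": si,
        "si_name": SERVICE_INDICATORS.get(si, "other"),
        "dpc": label & 0x3FFF,
        "opc": (label >> 14) & 0x3FFF,
        "sls": label >> 28,
        "payload": data[5:],
    }


def decode_isup_start(payload):
    """First ISUP fields: 12-bit CIC (little-endian) and the message type octet."""
    if len(payload) < 3:
        raise ValueError("need CIC (2 bytes) + message type (1 byte)")
    return {
        "cic": int.from_bytes(payload[:2], "little") & 0x0FFF,
        "message_type": payload[2],
    }


if __name__ == "__main__":
    for name, frame in (("18-byte sequence", ORIGINAL), ("with 05 00 00 00 00", WITH_PREFIX)):
        hdr = decode_mtp3(frame)
        print(name, {k: v for k, v in hdr.items() if k != "payload"})
        if hdr["si_name"] == "ISUP":
            # With the prefix, the real SIO and routing label are read as ISUP.
            print("  ISUP start:", decode_isup_start(hdr["payload"]))
```

With the prefix present, the first octet 05 is taken as the SIO and the four zero bytes as the routing label, so the real header bytes 02 00 10 are consumed as CIC 2 and message type 16.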