> Date: Fri, 24 Feb 2012 09:24:37 -0500
> From: jeff.morriss.ws@xxxxxxxxx
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: Re: [Wireshark-dev] Decode MTP3 message
>
> Martin Kaiser wrote:
> > Thus wrote Anya Verizi (anya_verizi@xxxxxxxxxxx):
> >
> >> I have to decode this sequence 02 00 10 c0 00 19 81 0f 0f 00 2c 01 01 11 02 16 00 00 but when I put it in txt and run as pcap I got this
>
> > your problem is the leading 05 00 00 00 00 bytes
>
>
> Those bytes starting at 05 are, presumably, a fake MTP3 header (i.e.,
> the sequence above is just ISUP but there's no DLT for just ISUP).
>
> Do you know what (ISUP) message type this is supposed to be? It's
> clearly not an RLC (0x10). I don't think it's a Subsequent Address
> (0x02) and 0x00 and 0xc0 aren't valid either.
>
> Or, do you know what the 02 is supposed to be? The first octet of...
>
> Are you sure this is ISUP?
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe