Wireshark-users: [Wireshark-users] stack mms/COTP/CLNP

From: "Angel de Juan" <aldjcurro@xxxxxxxxxxx>
Date: Wed, 09 Aug 2006 07:42:06 +0000
I'm using the latest release (0.99.2), WIN version. The stack that I'm trying to decode is MMS/PRES/SES/COTP/CLNP/LLC/Ethernet. The captured messages can currently be decoded only up to the PRES layer. The hex above PRES does not seem to be decoded, and the following message is displayed: "dissector is not available". In the preferences menu, I don't see anywhere I can specify "ASN.1" for MMS. Did I do something wrong, or does the current release not support ASN.1 encoding for MMS? I have seen an example of the stack MMS/TCP/IP.

Does anyone know if there is a plug-in that can be installed to support this?

Thanks!

Angel

I attached an example capture in order to show the problem I have.

Frame 220 (597 bytes on wire, 597 bytes captured)
   Arrival Time: Aug  4, 2006 10:17:09.210874000
   Time delta from previous packet: 3.630841000 seconds
   Time since reference or first frame: 50.104591000 seconds
   Frame Number: 220
   Packet Length: 597 bytes
   Capture Length: 597 bytes
   Frame is marked: False
   Protocols in frame: eth:llc:clnp:ses:pres
IEEE 802.3 Ethernet
   Destination: CompaqCo_80:0a:6b (00:08:02:80:0a:6b)
       Address: CompaqCo_80:0a:6b (00:08:02:80:0a:6b)
       .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame
       .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address
   Source: Telemeca_00:0d:06 (00:80:f4:00:0d:06)
       Address: Telemeca_00:0d:06 (00:80:f4:00:0d:06)
       .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame
       .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address
   Length: 583
Logical-Link Control
   DSAP: ISO Network Layer (0xfe)
   IG Bit: Individual
   SSAP: ISO Network Layer (0xfe)
   CR Bit: Command
   Control field: U, func=UI (0x03)
       000. 00.. = Command: Unnumbered Information (0x00)
       .... ..11 = Frame type: Unnumbered frame (0x03)
ISO 8473 CLNP ConnectionLess Network Protocol
   Network Layer Protocol Identifier: CLNP (0x81)
   HDR Length   : 57
   Version      : 1
   Holding Time : 3 (1.5 secs)
   PDU Type     : 0x9c (S DT)
       1... .... = Segmentation permitted
       .0.. .... = Last segment
       ..0. .... = Don't report error if PDU discarded
       ...1 1100 = Data
   PDU length   : 580
   Checksum     : 0x0000
   DAL : 20
    DA : [47|00:05][80|ff:fd:00|00:00][02:00|00:7e]0400.3001.0000[01]
   SAL : 20
    SA : [47|00:05][80|ff:fd:00|00:00][02:00|00:7e]0431.2206.0000[01]
   Data unit identifier: 018674
   Segment offset      :      0
   Total length        :    580
   ### No Options for this PDU ###
ISO 8073 COTP Connection-Oriented Transport Protocol
   Length: 7
   PDU Type: DT Data (0x0f)
   Destination reference: 0x880a
   TPDU number: 0x00006b06
   1... .... .... .... .... .... .... .... = Last data unit: Yes
ISO 8327-1 OSI Session Protocol
   SPDU Type: Give tokens PDU (1)
   Length: 0
ISO 8327-1 OSI Session Protocol
   SPDU Type: DATA TRANSFER (DT) SPDU (1)
   Length: 0
ISO 8823 OSI Presentation Protocol
   user-data: fully-encoded-data (1)
       fully-encoded-data: 1 item
           Item
               presentation-context-identifier: 3
               presentation-data-values: single-ASN1-type (0)
                   dissector is not available
                   single-ASN1-type: A38201ECA08201E8A0143012A010800E535F4449475F4D45...


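As an added example (not part of the original post and not Wireshark code), the following Python walks the BER tag-length-value structure of the bytes that the presentation dissector printed after "single-ASN1-type:" but did not hand to an MMS dissector. It assumes definite-length BER and that the payload is an MMS PDU, as the poster states; the `MMS_PDU` table lists only the first alternatives of the top-level MMSpdu CHOICE from ISO 9506-2, and the function names are illustrative.

```python
# Added example. PREFIX is the truncated hex shown after "single-ASN1-type:"
# in the post, so declared lengths overrun the buffer and are clamped.
PREFIX = bytes.fromhex("A38201ECA08201E8A0143012A010800E535F4449475F4D45")
CLASSES = ("universal", "application", "context", "private")
# First alternatives of the top-level MMSpdu CHOICE (ISO 9506-2).
MMS_PDU = {0: "confirmed-RequestPDU", 1: "confirmed-ResponsePDU",
           2: "confirmed-ErrorPDU", 3: "unconfirmed-PDU", 4: "rejectPDU"}

def read_header(buf, pos, end):
    """Parse identifier and length octets; return None if they are cut off."""
    if pos >= end:
        return None
    first, pos = buf[pos], pos + 1
    cls, constructed, tag = first >> 6, bool(first & 0x20), first & 0x1F
    if tag == 0x1F:                      # high-tag-number form (tags above 30)
        tag, more = 0, True
        while more:
            if pos >= end:
                return None
            tag, more, pos = (tag << 7) | (buf[pos] & 0x7F), buf[pos] & 0x80, pos + 1
    if pos >= end:
        return None
    length, pos = buf[pos], pos + 1
    if length == 0x80:
        raise ValueError("indefinite length is not handled here")
    if length & 0x80:                    # long form: next n octets hold the length
        n = length & 0x7F
        if pos + n > end:
            return None
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return cls, constructed, tag, length, pos

def walk(buf, pos=0, end=None, depth=0, out=None):
    """Flatten the TLV tree into a list of dicts, depth-first."""
    out = [] if out is None else out
    end = len(buf) if end is None else end
    while pos < end and (hdr := read_header(buf, pos, end)):
        cls, constructed, tag, declared, start = hdr
        stop = min(start + declared, end)    # clamp to the bytes actually present
        out.append({"depth": depth, "class": CLASSES[cls], "tag": tag,
                    "declared": declared, "truncated": start + declared > end,
                    "value": None if constructed else bytes(buf[start:stop])})
        if constructed:
            walk(buf, start, stop, depth + 1, out)
        pos = stop
    return out

if __name__ == "__main__":
    print(MMS_PDU.get(walk(PREFIX)[0]["tag"]), *walk(PREFIX), sep="\n")
```

The outermost tag is context-specific [3], and the innermost element holds the first eight characters of an identifier whose declared length is 14, which is where the printed prefix ends.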