Wireshark-users: Re: [Wireshark-users] stack mms/COTP/CLNP

From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Wed, 9 Aug 2006 10:38:08 +0200
Hi,
Wireshark needs the frames setting up the connection to be able to decode
what follows after the presentation level, e.g. knowing what the
"presentation-context-identifier: 3" is. Presumably an OID is identifying
this at setup.
Brg
Anders

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On behalf of Angel de Juan
Sent: 9 August 2006 09:42
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] stack mms/COTP/CLNP

I'm using the latest release (0.99.2) WIN version. The stack that I'm trying
to decode is MMS/PRES/SES/COTP/CLNP/LLC/Ethernet. The messages captured now
can be decoded only up to PRES layer. The hex above PRES does not seem to be
decoded, and the following message is displayed "dissector is not
available".
At preference menu, I don't see anywhere I can specify "ASN.1" for mms. Did I
do something wrong, or does the current release not support ASN.1 encoding
for mms? I have seen an example of stack MMS/TCP/IP.

Does anyone know if there is a plug-in that can be installed to support this?

Thanks!

Angel

I attached an example capture in order to show the problem I have.

Frame 220 (597 bytes on wire, 597 bytes captured)
    Arrival Time: Aug  4, 2006 10:17:09.210874000
    Time delta from previous packet: 3.630841000 seconds
    Time since reference or first frame: 50.104591000 seconds
    Frame Number: 220
    Packet Length: 597 bytes
    Capture Length: 597 bytes
    Frame is marked: False
    Protocols in frame: eth:llc:clnp:ses:pres
IEEE 802.3 Ethernet
    Destination: CompaqCo_80:0a:6b (00:08:02:80:0a:6b)
        Address: CompaqCo_80:0a:6b (00:08:02:80:0a:6b)
        .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame
        .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address
    Source: Telemeca_00:0d:06 (00:80:f4:00:0d:06)
        Address: Telemeca_00:0d:06 (00:80:f4:00:0d:06)
        .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame
        .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address
    Length: 583
Logical-Link Control
    DSAP: ISO Network Layer (0xfe)
    IG Bit: Individual
    SSAP: ISO Network Layer (0xfe)
    CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x03)
ISO 8473 CLNP ConnectionLess Network Protocol
    Network Layer Protocol Identifier: CLNP (0x81)
    HDR Length   : 57
    Version      : 1
    Holding Time : 3 (1.5 secs)
    PDU Type     : 0x9c (S DT)
        1... .... = Segmentation permitted
        .0.. .... = Last segment
        ..0. .... = Don't report error if PDU discarded
        ...1 1100 = Data
    PDU length   : 580
    Checksum     : 0x0000
    DAL : 20
     DA : [47|00:05][80|ff:fd:00|00:00][02:00|00:7e]0400.3001.0000[01]
    SAL : 20
     SA : [47|00:05][80|ff:fd:00|00:00][02:00|00:7e]0431.2206.0000[01]
    Data unit identifier: 018674
    Segment offset      :      0
    Total length        :    580
    ### No Options for this PDU ###
ISO 8073 COTP Connection-Oriented Transport Protocol
    Length: 7
    PDU Type: DT Data (0x0f)
    Destination reference: 0x880a
    TPDU number: 0x00006b06
    1... .... .... .... .... .... .... .... = Last data unit: Yes
ISO 8327-1 OSI Session Protocol
    SPDU Type: Give tokens PDU (1)
    Length: 0
ISO 8327-1 OSI Session Protocol
    SPDU Type: DATA TRANSFER (DT) SPDU (1)
    Length: 0
ISO 8823 OSI Presentation Protocol
    user-data: fully-encoded-data (1)
        fully-encoded-data: 1 item
            Item
                presentation-context-identifier: 3
                presentation-data-values: single-ASN1-type (0)
                    dissector is not available
                    single-ASN1-type: A38201ECA08201E8A0143012A010800E535F4449475F4D45...


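The lookup described in the reply above, as an added example that is not part of the original thread and is not Wireshark's code: the presentation-context-definition-list sent at connection setup maps each presentation-context-identifier to an abstract-syntax OID, and a later data PDU can only be handed to the right decoder if that map was seen. The byte strings, the function names and the two OIDs in the sample are constructed for illustration.

```python
def read_tlv(buf, pos=0, want=None):
    """Decode one BER TLV (single-octet tag); return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length == 0x80:
        raise ValueError("indefinite length not handled here")
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf) or (want is not None and tag != want):
        raise ValueError("truncated or unexpected TLV")
    return tag, buf[pos:pos + length], pos + length

def children(value):                        # yields (tag, value) members of a constructed value
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(value):
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # last octet of this arc
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)           # first octet packs the first two arcs
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def learn_contexts(context_list_tlv):
    """presentation-context-definition-list [4] -> {identifier: abstract-syntax OID}."""
    table = {}
    for _, item in children(read_tlv(context_list_tlv, want=0xA4)[1]):
        (_, pci), (_, oid) = list(children(item))[:2]   # INTEGER, then abstract syntax OID
        table[int.from_bytes(pci, "big")] = decode_oid(oid)
    return table

def resolve_pdvs(fully_encoded_tlv, table):
    """fully-encoded-data [APPLICATION 1] -> [(identifier, abstract syntax or None)]."""
    out = []
    for _, pdv in children(read_tlv(fully_encoded_tlv, want=0x61)[1]):
        pci = next(int.from_bytes(v, "big") for t, v in children(pdv) if t == 0x02)
        out.append((pci, table.get(pci)))   # None: setup frames were never seen
    return out

# Constructed setup data: context 1 -> 2.2.1.0.1 (ACSE), context 3 -> 1.0.9506.2.1 (MMS).
SETUP = bytes.fromhex("a423" "300f020101060452010001300406025101"
                      "3010020103060528ca220201300406025101")
# Constructed data PDU: identifier 3, single-ASN1-type [0] holding an ASN.1 NULL.
DATA = bytes.fromhex("618109" "3007" "020103" "a0020500")
```

Calling `resolve_pdvs(DATA, {})` reproduces the situation in the capture: identifier 3 is present in the data PDU, but with no setup frames there is nothing to resolve it against.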