Wireshark-users: Re: [Wireshark-users] stack mms/COTP/CLNP

From: "Angel de Juan" <aldjcurro@xxxxxxxxxxx>
Date: Thu, 10 Aug 2006 13:54:15 +0000

On 8/9/06, Anders Broman <a.broman@xxxxxxxxx> wrote:
> Hi,
> Wireshark needs the frames setting up the connection to be able to decode
> what follows after the presentation level eg knowing what the the
> " presentation-context-identifier: 3" is. Presumably an OID is identifying
> this at setup.

That is usually the problem. You should have a
presentation-context-definition-list in the presentation layer during
the association establishment

This should associate presentation-context-identifier '3' to the
abstract-syntax-name "1.0.9506.2.1" or "1.0.9506.2.3" (not sure
which).

If you don't have this, or it is not one of these OIDs, then you will
have a problem.

If you can send me your complete capture I will have a look for you.

Yes, it was right. Wireshark could decode mms over CPLN if it has the frames of setting up conection. But I need to be able to decode the frames which are captured in the middle of the conversation in order to solve possible problems in my net.

Is there anything thah I could do in order to decode mms over CPLD (in PRES level) as default protocol? Or I have to restart the coection every time I want to analice the net?

thanks for your help

Angel

_________________________________________________________________
Un amor, una aventura, compa��a para un viaje. Reg�strate gratis en MSN Amor & Amistad. http://match.msn.es/match/mt.cfm?pg=channel&tcid=162349