Wireshark-users: Re: [Wireshark-users] stack mms/COTP/CLNP

Date: Thu, 10 Aug 2006 16:11:09 +0200
I used to craft and spoof a "start packet" in a similar case. (or
preppend the fake packet to the .cap file)

To avoid the application misbehabing I used to have an errored
checksum in the fake start packet. (WS got it but the app didn't)

This is at least much less intrusive than restarting the connection.
still far from perfect.

On 8/10/06, Angel de Juan <aldjcurro@xxxxxxxxxxx> wrote:

>On 8/9/06, Anders Broman <a.broman@xxxxxxxxx> wrote:
> > Hi,
> > Wireshark needs the frames setting up the connection to be able to
>decode
> > what follows after the presentation level eg knowing what the the
> > " presentation-context-identifier: 3" is. Presumably an OID is
>identifying
> > this at setup.
>
>That is usually the problem. You should have a
>presentation-context-definition-list in the presentation layer during
>the association establishment
>
>This should associate presentation-context-identifier '3' to the
>abstract-syntax-name "1.0.9506.2.1" or "1.0.9506.2.3" (not sure
>which).
>
>If you don't have this, or it is not one of these OIDs, then you will
>have a problem.
>
>If you can send me your complete capture I will have a look for you.

Yes, it was right. Wireshark could decode mms over CPLN if it has the frames
of setting up conection. But I need to be able to decode the frames which
are captured in the middle of the conversation in order to solve possible
problems in my net.

Is there anything thah I could do in order to decode mms over CPLD (in PRES
level) as default protocol? Or I have to restart the coection every time I
want to analice the net?

thanks for your help

Angel

_________________________________________________________________
Un amor, una aventura, compañía para un viaje. Regístrate gratis en MSN Amor
& Amistad. http://match.msn.es/match/mt.cfm?pg=channel&tcid=162349

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users



--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan