Marc Gr�n wrote:
> I'm doing communication between two machines using the SCCP User
> Adaptation (SUA) protocol. Using both Ethereal and Wireshark to capture
> the corresponding packets, I realized that Ethereal shows the
> connectionless datagram ones as "TCAP CLDT" (and they are said to be
> malformed...) whereas Wireshark shows the same as "SUA (RFC 3868) CLDT".
> Where does this divergence come from?

Probably from a change in one of the dissectors between the two versions
of the software; the difference between "Ethereal" and "Wireshark" is
that "Ethereal" is the name the software had up to version 0.99.0 and
"Wireshark" is the name it had starting with version 0.99.2 (I don't
remember what happened to 0.99.1). See
http://www.wireshark.org/faq.html#q1.2
for why the name changed.

What are the version numbers of the two releases you're using? And do
you have a small capture file that demonstrates this (if you can just
extract one packet from the capture and read that into the two versions
and see the behavior, that would be ideal)?

Also, are the packets said to be malformed in the newer version? If so,
it might be that the older version wasn't correctly dissecting them.