Wireshark-users: Re: [Wireshark-users] IUA decode

From: Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Fri, 14 Mar 2008 13:41:40 +0100
Hi Ravi,

Wireshark is not able to dissect the packet correclty, because
the packet is not formatted correctly. Section 3.2 of RFC 4233
states that the length of the integer interface parameter is 8,
not 45 as in the trace.

So fix the implementation sending this packet.

Best regards
Michael

On Mar 13, 2008, at 10:14 PM, Ravi Rajaratnam wrote:
Thanks Weiner.
I think I did put my question correctly.?

What I am after is how to decode the q931 under IUA messages using the wireshark. I can decode v5.2 messages under V5UA without any issues. For
some reason I am unable to decode Q931 under IUA. Both IUA & V5UA are
piggybacked on SCTP. Pls refer to my previous mail attachment for sample
trace.

regards
Ravi
<<mailto:ravi.rajaratnam@xxxxxxxxxxxx>>

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Alan Jay
Weiner
Sent: Wednesday, 12 March 2008 11:25 AM
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] IUA decode

Hi Ravi,
I see several things about this packet:

1) it's using Adler-32 checksum instead of CRC32c  (see RFC 3309)

2) the upper-layer protocol (payload protocol identifier) is not
specified
(it is 0; for IUA it should be 0x01). I'm not sure why the rest of the
packet is decoded; it seems to me it should be treated as opaque data
and
not decoded.

Assuming that decoding it is correct, then the IUA decodes as a Release Indication (message class 0x05, message type 0x0a; see RFC 4233 section
3.1.2), and includes an Integer Interface ID as a parameter.  But the
IID
parameter length is given as 45 - it should be 8 for an integer-based
Interface ID. The parameter tag of 0x01 indicates the Integer Interface
Identifier.  Perhaps it should be 0x03 for a text-based Interface
Identifier?  (see RFC 4233 section 3.2; figures 3 and 4)

Hope this helps!

- Al Weiner -


------------------------------------------------------------------------
----
Alan Jay Weiner / Valid8.com, Inc. - Conform, Perform & Excel(tm)
500 W Cummings Park, Suite #2700, Woburn, MA 01801, USA
a.weiner@xxxxxxxxxx / Tel:+1-781-938-1221 x112, Fax +1-781-207-0550
http://www.VALID8.com

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Ravi
Rajaratnam
Sent: Tuesday, March 11, 2008 3:48 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] IUA decode

Thanks Anders.


Pls find attached a copy of file containing IUA messages. You will see
v5UA messages as well. v5UA decodes are fine.

regards
Ravi

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders
Broman
Sent: Tuesday, 11 March 2008 7:50 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] IUA decode

Hi,
The latest version is 0.99.8. If you can post the trace file instead we
could take a look at it to try to determine what's
wrong.
Regards
Anders

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Ravi
Rajaratnam
Sent: den 11 mars 2008 00:31
To: Community support list for Wireshark
Subject: [Wireshark-users] IUA decode

Sigtran experts!

I have captured IUA messages using wireshark and tried to extract Q931
messages and I see malformed packet.(pls refer to the attached screen
shot)

Can anyone pls help me to decode this message. Do I need to download the
latest version wireshark application to decode. If so pls let me know
the latest application.

regards

Ravi

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users


_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users