Wireshark-users: [Wireshark-users] LAPD decode problem
From: "Harvey, James B." <Jim.Harvey@xxxxxxxxxxx>
Date: Fri, 17 Jul 2009 08:59:56 -0500
I have traces captured by an Agilent J2300 Advisor. The protocol is FTAM over CLNP over LAPD. The Advisor decodes LAPD but no higher. I have not found a way to convert these trace files to .PCAP directly, so I print to file the capture hex only, then massage the print file with TCL to get something I can feed to text2pcap. Looks like this:

000000 f8 01 dc 4c 81 3c 01 13 9c 01 bc 00 00 14 39 84
000010 0f 80 00 00 00 00 00 00 00 00 01 00 10 cf d2 10
000020 c2 1d 14 39 84 0f 80 00 00 00 00 00 00 00 00 01
000030 10 b0 c7 03 63 6d 1d 58 2a 00 00 01 bc cd 01 00
000040 04 f0 58 01 0d b5 b6 13 77 32 c1 8c 76 60 90 df
000050 f9 d5 06 1a 33 4e 4f 4e d8 41 9e 6d 38 0f 5d d3
000060 32 28 48 58 08 c9 6c 95 6f 53 90 cb c6 cb 2c c5
000070 48 c9 b7 c5 3c 64 bf 6e 92 e1 26 69 3f d3 2e 9b
000080 5a 01 9e 87 cb a9 41 73 bd c1 54 50 bd 6b 3f 5e
000090 03 ed 27 51 f3 5c 6d 3f 2b c8 39 63 02 bb d3 bd
0000a0 9b 58 8c cd f4 55 90 b1 f8 65 d4 5a 72 38 cd 89
0000b0 0f 61 7e f2 7c a9 29 af eb ae f9 64 6a c0 89 22
0000c0 4f ce 69 a2 52 36 40 8a a5 7e 24 bc 4c 4c 1a 9f
0000d0 1c a5 a5 05 d4 24 e1 b0 a5 d8 1e c6 d3 09 28 c9
0000e0 b6 9f 15 ec 75 32 34 8e fc a5 40 5e 37 e0 52 11
0000f0 7a 56 7d 49 12 d0 4f 3b 0e 52 b3 01 63 57 de c2
000100 d4 53 d4 95 bc 9a 7c c1 c6 ae e7 31 49 ba 99 7a
000110 e7 97 37 bf 49 b2 57 6d c6 cc d8 af 3c 48 72 81
000120 92 c1 c3 04 82 04 00 c6 f1 8d 0e f7 af 1f 0b d7
000130 86 c4 f8 fa 06 81 d4 61 e0 c1 ac b9 90 83 1c ea
000140 10 d9 c2 f3 bc 24 c6 ae 85 19 35 52 d5 76 73 68
000150 4f 3e 5b ca 1a d8 87 d7 4f 4e 70 3b d7 8d 77 43
000160 41 1d 09 1e 11 cd 5a b2 b3 f6 5c 7e 7e 0e c3 70
000170 15 ba c9 98 7d 7b eb 9a 5c a6 10 6f f2 b1 a5 a4
000180 80 6b c9 93 bc cb b9 04 66 e9 39 07 85 4e 72 42
000190 29 65 06 e4 ed 42 65 21 e9 24 27 3b cf ff d5 80
0001a0 c5 76 7f 58 22 e8 ec ed 8d 0e 64 ce 0f 5e 1e fe
0001b0 1c 15 2f 63 e2 d9 a8 74 82 02 d8 be 3d 94 9d e0
0001c0 c1 13

000000 f8 01 01 dc c8 31

000000 fa 01 4e dc 81 3c 01 32 9c 00 41 00 00 14 39 84
000010 0f 80 00 00 00 00 00 00 00 00 01 10 b0 c7 03 63
000020 6d 1d 14 39 84 0f 80 00 00 00 00 00 00 00 00 01
000030 00 10 cf d2 10 c2 1d 4c da 00 00 00 41 cd 01 00
000040 04 6f 58 05 0d 90 82

This is an FTAM data PDU, a LAPD ack, and I think an FTAM ack. Text2pcap does convert, Wireshark loads but won't decode. The Analyze -> Decode As menu item is not available so I can't force it.

Anyone have a suggestion how to deal with this? I am using Wireshark 1.2 on Windows XP.

Jim Harvey
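
The conversion step described in the message, sketched in Python as an added example (not part of the original post and not Wireshark code): it rebuilds frames from offset-prefixed dump lines, decodes the LAPD address and control fields so the framing can be checked before loading, and wraps the frames in a pcap image. The function names, the truncated sample, and the choice of link-layer type 203 (LINKTYPE_LAPD) are assumptions of this example.

```python
import re
import struct

LINKTYPE_LAPD = 203  # pcap link-layer type for LAPD frames (assumed to fit this capture)
DUMP_LINE = re.compile(r"\s*([0-9a-fA-F]{6})((?:\s+[0-9a-fA-F]{2})+)\s*$")

# Constructed sample: the three frames from the message, cut to their first bytes.
SAMPLE = """\
000000 f8 01 dc 4c 81 3c 01 13
000000 f8 01 01 dc c8 31
000000 fa 01 4e dc 81 3c 01 32
"""

def split_frames(text):
    """Rebuild frames from offset-prefixed dump lines; offset 000000 starts a new frame."""
    frames = []
    for line in text.splitlines():
        m = DUMP_LINE.match(line)
        if not m:
            continue  # blank lines and anything that is not a dump line
        offset, data = int(m.group(1), 16), bytes.fromhex(m.group(2))
        if offset == 0:
            frames.append(bytearray())
        if not frames or offset != len(frames[-1]):
            raise ValueError(f"offset {offset:06x} does not continue the frame")
        frames[-1] += data
    return [bytes(f) for f in frames]

def lapd_header(frame):
    """Decode the Q.921 address and control fields (modulo-128 operation assumed)."""
    sapi, cr, tei = frame[0] >> 2, (frame[0] >> 1) & 1, frame[1] >> 1
    ctl = frame[2]
    if ctl & 1 == 0:   # I frame: N(S) in the first control byte, N(R) in the second
        return sapi, cr, tei, "I", ctl >> 1, frame[3] >> 1
    if ctl & 3 == 1:   # supervisory frame: type, then N(R)
        kind = {0x01: "RR", 0x05: "RNR", 0x09: "REJ"}.get(ctl, "S")
        return sapi, cr, tei, kind, None, frame[3] >> 1
    return sapi, cr, tei, "U", None, None  # unnumbered frame, one control byte

def to_pcap(frames, linktype=LINKTYPE_LAPD):
    """Return a classic pcap file image; timestamps are zero as the dump carries none."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for fr in split_frames(SAMPLE):
        print(lapd_header(fr))
```

Writing the bytes returned by `to_pcap()` to a file in binary mode gives a capture whose header declares the chosen link-layer type instead of leaving it to the converter's default.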