Wireshark-users: Re: [Wireshark-users] ISDN Layer 3 decode

From: "Keith French" <keithfrench@xxxxxxxxxxxxx>
Date: Mon, 24 Oct 2011 19:12:30 +0100
Yes, I can give you the L2 & L3 hex in the CSV or text format. As I said, I now believe the "Export to Ethereal" is only for their ADSL & Ethernet analysers, so we can forget that. Currently I only have a few traces; I can do many more in about three weeks. Both of my analysers are at customers at the moment. When I get them back I'll get you traces from my lab of any ASN.1 you need.

Do you just want me to attach them to one of these emails to Wireshark-users?

-----Original Message----- From: Guy Harris
Sent: Monday, October 24, 2011 12:53 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] ISDN Layer 3 decode


On Oct 23, 2011, at 2:13 PM, Keith French wrote:

OK, I can do that. I have a trace of a very simple Q.Sig call; however, the text or CSV options do not show the detailed decode at layer 3 that is contained within the .aps files, they only show the summary view (very like the appearance of a normal Wireshark trace).

Presumably you mean "like the appearance of the summary view in Wireshark", i.e. the entries in the packet list pane.

How do you want me to send them to you?

I infer, perhaps incorrectly, from your earlier message:

I have an ISDN (E1) analyser that cannot decode Q.Sig's ASN1 notation holding information about call transfers etc. I know from another analyser that can export its D channel decode in Wireshark format, that Wireshark has an excellent decode for this.

Is there any way I can take the raw hex at layers 2 & 3 (LAPD layer 2) for each message and via something like text2pcap get Wireshark to decode this for me?

I have tried a syntax like:-

text2pcap input.txt output.pcap

but it just reports that it has read 0 packets.

The input file just contains the hex from one message, I have tried combining the layer 2 & 3 hex and just using the L3 hex.

that the Aethra software can dump the raw hex contents of the packet. That's the information we really need, so that we can try to find, within the binary .aps file, the raw packet data. Any "meta-data" shown by the analyzer, whether it's in the form of a Wireshark-like detailed dissection or even just a summary view, would also be useful; packets are probably time-stamped, so the time stamps for all the packets would be useful. There might be other metadata, such as packet direction (user-to-network or network-to-user), channel, etc. in the summary, or in a CSV dump, or even in a screenshot. The more, the better.
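
An added example, not part of the original thread: text2pcap only recognises hex bytes that follow an offset column (od-style, with each packet starting again at offset 000000), so a file holding bare hex yields 0 packets. The sketch below rewrites bare per-message hex into that layout; the frame bytes are constructed, and the function names and the LAPD link-layer type 203 in the closing comment are assumptions about the capture, not something stated in the thread.

```python
import re

# Constructed sample frames (not from a real trace): LAPD address + control
# octets, followed in the first frame by a Q.931-style SETUP body. Each
# string is one message's layer 2 + layer 3 hex as an analyser might export it.
SAMPLE_FRAMES = [
    "02 01 00 00 08 01 01 05 04 03 80 90 a3 18 03 a9 83 81",
    "02:01:01:02",
]

def parse_hex(raw):
    """Accept '02 01', '02:01', '0x02,0x01' or '0201' and return bytes."""
    cleaned = re.sub(r"\b0[xX]", "", raw)        # drop 0x prefixes
    cleaned = re.sub(r"[\s:,-]", "", cleaned)    # drop common separators
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", cleaned):
        raise ValueError("not a whole number of hex bytes: %r" % raw)
    return bytes.fromhex(cleaned)

def to_text2pcap(frames, per_line=16):
    """Render frames as an offset-prefixed hex dump that text2pcap can read."""
    lines = []
    for frame in frames:
        data = parse_hex(frame)
        for off in range(0, len(data), per_line):
            chunk = data[off:off + per_line]
            # The offset column is what text2pcap keys on; without it
            # the byte values are ignored.
            lines.append("%06x %s" % (off, " ".join("%02x" % b for b in chunk)))
        lines.append("")  # the next packet restarts at offset 000000
    return "\n".join(lines)

if __name__ == "__main__":
    with open("input.txt", "w") as fh:
        fh.write(to_text2pcap(SAMPLE_FRAMES))
    # Then, assuming the frames start at the LAPD address field:
    #   text2pcap -l 203 input.txt output.pcap
```
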