Wireshark-users: Re: [Wireshark-users] ISDN Layer 3 decode

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 24 Oct 2011 11:26:57 -0700
On Oct 24, 2011, at 11:12 AM, Keith French wrote:

> Yes I can give you the L2 & L3 hex in the CSV or text format.

The hex dumps would probably be best in text format.

> As I said I now believe the "Export to Ethereal" is only for their ADSL & Ethernet analysers, so we can forget that.

"Only for their ADSL & Ethernet analysers" in the sense that there's no "Export to Ethereal" menu item or whatever if you have an ISDN analyzer, or in the sense that there is one but it produces something bogus?  If the latter, it might still be useful, so if this file

> The software that I would really like to load into Wireshark is Aethra's PC_108XP. This software serves as the expert software for many of their analysers and I think now that the "Export to Ethereal" option (I take your point about the possible age of formats here), is only for their ADSL & Ethernet analysers, not my ISDN, & Q.Sig analyser. Capinfos cannot open its native .aps format, using the Export to Ethereal to a .cap shows up in capinfos as:-
> 
> File name:           C:\Users\Keith\Desktop\Environment Agency\QSig Traces\test.cap
> File type:           Wireshark/tcpdump/... - libpcap
> File encapsulation:  OpenBSD PF Firewall logs, pre-3.4
> Packet size limit:   file hdr: 65535 bytes
> Number of packets:   83531
> File size:           2506192 bytes
> Data size:           1169672 bytes
> Capture duration:    58678 seconds
> Start time:          Fri Sep 30 00:00:03 2011
> End time:            Fri Sep 30 16:18:01 2011
> Data byte rate:      19.93 bytes/sec
> Data bit rate:       159.47 bits/sec
> Average packet size: 14.00 bytes
> Average packet rate: 1.42 packets/sec
> SHA1:                7aa7ce58093463bd11982bbcdc1c39e39d748be2
> RIPEMD160:           f79a3d30c8c0dd243d30862d16b0e09edf8a5d8c
> MD5:                 6fc2c284d73001665fb1b9516a089b92
> Strict time order:   True

came from "Export to Ethereal" on an ISDN analyzer, I'd like to see it, along with its corresponding .aps file, and to see the other pcap files generated from the other .aps files.

> Currently I only have a few traces, I can do many more in about three weeks, both of my analysers are currently at customers at the moment. When I get them back I'll get you traces from my lab of any ASN.1 you need.
> 
> Do you just want me to attach them to one of these emails to Wireshark-users?

Probably the best thing to do would be to file an enhancement request on bugs.wireshark.org for Aethera support and attach the files to the bug.