Wireshark-users: Re: [Wireshark-users] Help decoding GSM SMS (no crypt)

From: reginaldo salles <reginaldosalles1972@xxxxxxxxx>
Date: Sat, 7 May 2016 18:55:46 -0300
thank you.
will wait for a patch.

On Sat, May 7, 2016 at 10:44 AM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
Hi Reginaldo,

2016-05-07 1:19 GMT+02:00 reginaldo salles <reginaldosalles1972@xxxxxxxxx>:
I can not see the contents of the SMS capture in plaintext.
Traffic does not have encryption and still can not see the content of the SMS. Wireshark bug?
Anybody know how to figure out this problem?

wireshark .cap file: https://www.cloudshark.org/captures/504bc91928e3
wcpdump .cap file:  https://www.cloudshark.org/captures/9ec3f39d2c03

The LAPDm reassembly code gets confused by your capture:
-  the ICMP error packets are included in the reassembly table while they should not be
- the LAPDm retransmissions (with the polling bit set) are also wrongly included in the reassembly table

I'm gonna fix those bugs but in the meantime you can manually exclude those packets to get a proper dissection.
In the SMS_TCPDUMP.cap file, keep packets 1, 5, 6, 8, 9, 11, 15, 16, 18 and 19.

Regards,
Pascal.


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe