Wireshark-users: Re: [Wireshark-users] NR-RRC Dissector
Hi,
If you followed the tread you could see that Pascal wrote(see below) an explanation why the solution I tried was wrong so I reverted that code and the sample does not work as you can see.
This might work:
text2pcap.exe -l 252 MIB.txt" mib.pcapng"
With the following content of the .txt file
0000 00 0c 00 18 6e 72 2d 72 72 63 2e 62 63 63 68 2e nr-rrc.mib 6e 72 2d 72 72 63 2e 6d 69 62
0010 62 63 68 00 00 00 00 00 00 00 00 00 00 00 00 00 (nr-rrc.bcch.bch 6e 72 2d 72 72 63 2e 62 63 63 68 2e 62 63 68)
0020 06 f2 d4
Regards
Anders
Hi Keval,
based on your screenshot you seem to have a proprietary encapsulation in the UDP payload (we can see the string nr-rrc and a BCCH-BCH message - that contains a MIB - is 3 bytes long only). So presumably here the real data you want to decode is 0x06f2d4?
You should request to whoever defined this encapsulation the corresponding Wiresahrk dissector / plugin that calls the NR-RRC dissector. Or use another encapsulation method as the one described by Anders.
For the payload 06f2d4, the decoding is:
NR Radio Resource Control (RRC) protocol
BCCH-BCH-Message
message: mib (0)
mib
systemFrameNumber: 0c [bit length 6, 2 LSB pad bits, 0000 11.. decimal value 3]
subCarrierSpacingCommon: scs15or60 (0)
ssb-SubcarrierOffset: 15
dmrs-TypeA-Position: pos2 (0)
pdcch-ConfigSIB1
controlResourceSetZero: 5
searchSpaceZero: 10
cellBarred: notBarred (1)
intraFreqReselection: allowed (0)
spare: 00 [bit length 1, 7 LSB pad bits, 0... .... decimal value 0]
Best regards,
Pascal.
From: Manoj Kumar <manoj@xxxxxxxxx>
Sent: den 30 oktober 2019 12:13
To: Anders Broman <anders.broman@xxxxxxxxxxxx>
Cc: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] NR-RRC Dissector
Dear Anders Broman,
Thanks for your email.
Yes, I went through this, it's just showing EXPORTED_ PDU while I'm opening the .pcapng file, What should I do, so that I'll get MIB Info also?
Thanks & Regards,
Manoj
On Wed, Oct 30, 2019 at 2:50 PM Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:
Hi,
Did you check the replies to your previous mails?
https://www.wireshark.org/lists/wireshark-users/201910/msg00019.html
Regards
Anders
From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx> On Behalf Of Manoj Kumar
Sent: den 29 oktober 2019 13:02
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] NR-RRC Dissector
Dear all,
Here I'm mentioning some queries, which given below :
1. I am trying to dissect NR-RRC message i.e. MIB packet, but it is not dissecting.
Could you please help me, so that it would dissect MIB of NR-RRC?
2. Is there any NR-RRC over the UDP protocol being used?
please share the relevant information w.r.t. above questions.
I tried on Wireshark-3.0.1, Wireshark-3.0.5, & Wireshark-3.1.0.
Kindly, help me to get a solution for the above queries.
Thanks & Regards,
Manoj Kumar
- References:
- [Wireshark-users] NR-RRC Dissector
- From: Manoj Kumar
- Re: [Wireshark-users] NR-RRC Dissector
- From: Anders Broman
- Re: [Wireshark-users] NR-RRC Dissector
- From: Manoj Kumar
- Re: [Wireshark-users] NR-RRC Dissector
- From: Anders Broman
- [Wireshark-users] NR-RRC Dissector
- Prev by Date: Re: [Wireshark-users] NR-RRC Dissector
- Next by Date: [Wireshark-users] Firefox not logging into $SSLKEYLOGFILE
- Previous by thread: Re: [Wireshark-users] NR-RRC Dissector
- Next by thread: [Wireshark-users] Queries on NR - RRC Dissector
- Index(es):