Wireshark-users: Re: [Wireshark-users] issue regarding run-time heuristic dissecting NR -RRC .

From: Vikas Theng <thengvikas2017@xxxxxxxxx>
Date: Wed, 26 Feb 2020 14:22:06 +0530
I did modification as you suggested, but with that modification, it is not able to dissect it as mac nr.

On Wed, Feb 26, 2020 at 12:42 PM Pascal Quantin <pascal@xxxxxxxxxxxxx> wrote:
Hi Vikas,

Le mer. 26 févr. 2020 à 07:25, Vikas Theng <thengvikas2017@xxxxxxxxx> a écrit :
Hello , 
I am trying to dissect mac-nr exported pdu, it is showing mac-nr in wireshark but not able to dissect complete message. 
I have added mac exported pdu heuristics and mac nr heuristics. please find attachment.  

Based on the screenshot I can spot several errors:
- you should use the tag EXP_PDU_TAG_HEUR_PROTO_NAME and not EXP_PDU_TAG_PROTO_NAME as you want to use the mac-nr heuristic dissector
- the exported PDU payload should be directly the UDP payload, so starting with 6d6163. Remove the first 10 zeroes

Best regards,
Pascal.


On Fri, Feb 7, 2020 at 7:26 PM Pascal Quantin <pascal@xxxxxxxxxxxxx> wrote:
Hi Vikas,

Le ven. 7 févr. 2020 à 14:42, Vikas Theng <thengvikas2017@xxxxxxxxx> a écrit :
Hello.,
 I am trying to dissect the runtime MIB message, but runtime It is showing only LLC protocol.
When I am converting text to pcap using text2pcap -l 252 file.txt file.pacpng and load file pcap file manually it is showing NR RRC protocol but run-time it is failing and showing LLC protocol. please guide me.
 
your text2pcap command creates a file with a linktype set to 252 which corresponds to WIreshark Upper PDU format.
Whatever mechanism you use to generate your runtime stream should use this linktype if you want to be able to decode it. If another linktype is given in the stream, you will get a wrong decoding (like LLC for example).
Alternatively you could write your own encapsulation protocol running on top of a well known UDP port for example, and then a small dissector calling the relevant NR RRC dissector when required (based on some meta data you would transmit in the UDP payload, along with the NR RRC message dump).

Best regards,
Pascal.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Attachment: Screenshot from 2020-02-26 14-20-08.png
Description: PNG image