Hi,all. I captured mms packets from traffic, save it as file name "mmscc7", there is no problem when use wireshark to decode it. but when I use "editcap.exe -r mmscc7 mmscc7300-400" to get packets 300-400 as another file name "mmscc7300-400",and use wirshark to decode it. I find that packet 37 can not decode as mms, but cotp,the other mms packets are all ok! I don't why, is it a bug of wireshark? asked 19 May '12, 18:49  theodoreli |
One Answer:
Hi, Probably some information needed yo determine the content of the packet gets "lost" when filtering the file you could try: Go to Edit->preferences->protocol->PRES and edit the users context tale enter context = 'the context of your packet' and OID = 1.0.9506.2.3 and your trace will be dissected as MMS. answered 20 May '12, 22:52  Anders ♦ |
