I can see that Wireshark has a problem decoding TCAP packet (showing only DATA and hex stream), if tcap packet is longer than 127 bytes. Usually TCAP is set of tag/len/data constructors, where tag and len are 1-byte, but they support extensions as well (len high bit is set to 1 and continuing on a next bytes)
asked 14 Jan '13, 06:05
edited 14 Jan '13, 14:12
Thanks for the sample capture. Actually the problem is simpler: the Called and Calling SSNs are both 146 and the Camel dissector does not, for some reason, register for that SSN.
Go to Edit->Preferences->Protocols->Camel and add 146 to the list of SSNs there. With that change my Wireshark shows a Camel initialDP.
(Does anyone know why Camel doesn't register for SSN 146--which is its registered SSN?)
answered 14 Jan '13, 08:32