This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I wonder how does Wireshark know that there is BSSAP underlying the SCCP protocol ?

asked 29 Jan '13, 04:06

ahmediukas's gravatar image

ahmediukas
215610
accept rate: 0%


By the sub system number, SSN 98 is tied to BSSAP, changable by a protocol preference.

permanent link

answered 29 Jan '13, 05:58

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

Isnt SSN specified as 250 (BSC) and 251 (MSC) ? And further, it is in the SCCP DataForm1 message, so no SSN's provided (as in UDT) Example: http://cloudshark.org/captures/ea49319c49ca

(29 Jan '13, 11:09) ahmediukas
1

BSSAP is also detected heuristically, SCCP has a heuristic table where dissectors can register to have a peek a the packet and claim it if it's determined to be the protocol in question - might not be correct.

(29 Jan '13, 11:19) Anders ♦

I am pretty sure, GSM machines knows its BSSAP somehow, they doesn't heuristically dissector packet. Even if MTP/SCTP addresses are for them.

(30 Jan '13, 01:13) ahmediukas

Sure, but the question was how Wireshark detects them.

(30 Jan '13, 03:40) Anders ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×21
×3

question asked: 29 Jan '13, 04:06

question was seen: 3,688 times

last updated: 30 Jan '13, 03:40

p​o​w​e​r​e​d by O​S​Q​A