Wireshark not recognized new SCCP protocol . You can found messages only if you will do filter by SCCP port 2000 . Is any plan to support it ? Thank you asked 31 Jan '11, 08:07  Dan_D |
4 Answers:
As with any protocol, I guess it will be updated if it is scratching someone's itch. The best way to get it in the face of developers, file a bug at bugs.wireshark.org with as much information as you can. And as grossman correctly pointed out the packet you have expanded above (frame 12) isn't anything other than a TCP ACK (it has length 0) answered 03 Feb '11, 17:32  martyvis |
While there are some SKINNY messages that the dissector doesn't recognize, it looks like this is a pure TCP ACK, judging by the LEN=0 in the screen-shot. answered 31 Jan '11, 10:35  grossman |
It is a updated skinny protocol which available in CM 7 and firmware 903 .before this firmaware wireshark can recognize all message with small issue which I discrabe in http://ask.wireshark.org/questions/558/skinny-protocol-problem answered 02 Feb '11, 10:00 Dan_D |
I know I'm a little late to this post, but I have seen the same thing, where wireshark doesn't recognize the skinny packet in the new firmware and CM 7 as anything other than generic SCCP. From what I have seen the issue is that the reserved portion of the SCCP packet is no longer all zeros. Cisco is now populating these bits, so Wireshark and other tools don't recognize them anymore. I have just recently gotten confirmation from a Cisco TAC engineer that this is a permanent change to the protocol, so hopefully Wireshark will be able to recognize these packets eventually. answered 28 Apr '11, 07:24  robrien |
