Bit no. 1 of the Address Indicator field - according to RFC 3868 - is the SSN Indicator bit. However, Wireshark version 1.10.8 is looking at bit 2 as the SSN Indicator bit - bit 2 is actually the Point Code Indicator bit. By looking at the wrong bit, Wireshark fails to parse the remaining encapsulated data.

asked 25 Jun '14, 10:36 Dave S

3 Answers:

Are you talking about SCCP or SUA (RFC 3868)? They are different. I'm guessing you're talking about SCCP in which case the answer is that which bit is the SSN-indicator and which is the PC-indicator are different depending on the MTP3 standard you're using. Check the MTP3 preferences and choose the ITU, ANSI, China, or Japan variant. Or try the "determine the standard heuristically" checkbox.

answered 25 Jun '14, 14:10 JeffMorriss ♦

The bit used for SSN depends on the MTP3 standard configured in the dissector. Did you try switching the configuration between ANSI and ITU?

answered 25 Jun '14, 14:17 Pascal Quantin

As others indicated, by far the most common problem when you see this type of decoding error in Wireshark for any SS7-based protocol is that MTP3 standards differ. Go to Edit > Preferences > Protocols > MTP3. From there confirm the MTP3 standard in use and hit OK.

answered 25 Jun '14, 17:42 Quadratic edited 25 Jun '14, 17:43
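
The variant dependence the answers describe, as an added example that is not part of the original thread and is not Wireshark's code: a small parser for the start of an SCCP called/calling party address under the ITU and ANSI layouts. It goes slightly beyond the answers by also showing that the SSN and point code fields follow the indicator in a different order per variant, which is why a wrong MTP3 setting derails the rest of the decode; the function names and sample octets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Address Indicator masks; bit 1 is the least significant bit.
# ITU-T Q.713: bit 1 = point code indicator, bit 2 = SSN indicator.
# ANSI T1.112: bit 1 = SSN indicator, bit 2 = point code indicator.
MASKS = {"itu": {"pc": 0x01, "ssn": 0x02}, "ansi": {"ssn": 0x01, "pc": 0x02}}
GTI_MASK = 0x3C      # bits 3-6: global title indicator (both variants)
ROUTING_MASK = 0x40  # bit 7: set = route on SSN (both variants)

@dataclass
class PartyAddress:
    ssn: Optional[int]
    point_code: Optional[str]
    gti: int
    route_on_ssn: bool

def take(data: bytes, off: int, n: int) -> bytes:
    """Return n octets at off, or fail the way a dissector flags a short field."""
    if off + n > len(data):
        raise ValueError(f"truncated: need {n} octet(s) at offset {off}")
    return data[off:off + n]

def parse_party_address(data: bytes, variant: str) -> PartyAddress:
    ai = take(data, 0, 1)[0]
    has_ssn = bool(ai & MASKS[variant]["ssn"])
    has_pc = bool(ai & MASKS[variant]["pc"])
    off, ssn, pc = 1, None, None
    if variant == "itu":
        if has_pc:   # ITU order: 14-bit point code first, little-endian
            pc = str(int.from_bytes(take(data, off, 2), "little") & 0x3FFF)
            off += 2
        if has_ssn:
            ssn = take(data, off, 1)[0]
    else:
        if has_ssn:  # ANSI order: SSN first
            ssn = take(data, off, 1)[0]
            off += 1
        if has_pc:   # then member, cluster, network octets
            member, cluster, network = take(data, off, 3)
            pc = f"{network}-{cluster}-{member}"
    return PartyAddress(ssn, pc, (ai & GTI_MASK) >> 2, bool(ai & ROUTING_MASK))

# Constructed samples, not taken from a real capture.
ITU_SAMPLE = bytes([0x42, 0x08])                     # route on SSN, SSN 8
ANSI_SAMPLE = bytes([0xC3, 0x08, 0x01, 0x02, 0x03])  # SSN 8, PC 3-2-1
```

Decoding `ITU_SAMPLE` as ANSI raises a truncation error because bit 2 is read as "point code present", and decoding `ANSI_SAMPLE` as ITU silently yields a wrong SSN and point code.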