I am developing an application in C# using Wireshark and I need to find the right dissector programmatically. By now I can dissect an LTE message but I need to put the dissector manually every time. I would like to know how I can do that with the program finding the correct dissector by itself. Also, is there any list of LTE, WCDMA and GSM Wireshark dissectors? Thanks in advance.

asked 16 Oct '14, 06:13 lsilva
edited 16 Oct '14, 06:13
One Answer:
You cannot deduce which dissector you need from the message dump itself: there is nothing at the beginning of the payload giving you the protocol to be used. Instead you need to know it from some meta data or proprietary information.

Regarding the list of 2G/3G/4G dissectors, it is quite long.

For LTE: mac-lte (needs meta data that can be provided through UDP framing protocol, see http://wiki.wireshark.org/MAC-LTE), rlc-lte (needs meta data that can be provided through UDP framing protocol, see http://wiki.wireshark.org/RLC-LTE), pdcp-lte (needs meta data that can be provided through UDP framing protocol, see http://wiki.wireshark.org/PDCP-LTE), lte-rrc.bcch.bch, lte-rrc.bcch.dl.sch, lte-rrc.pcch, lte-rrc.dl.ccch, lte-rrc.dl.dcch, lte-rrc.ul.ccch, lte-rrc.ul.dcch, lte-rrc.mcch, nas-eps, nas-eps_plain

For UMTS: mac.fdd.rach, mac.fdd.fach, mac.fdd.pch, mac.fdd.dch, mac.fdd.edch, mac.fdd.edch.type2, mac.fdd.hsdsch, rlc.bcch, rlc.pcch, rlc.ccch, rlc.ctch, rlc.dcch, rlc.ps_dtch, rlc.dch_unknown, rrc.dl.dcch, rrc.ul.dcch, rrc.dl.ccch, rrc.pcch, rrc.dl.shcch, rrc.ul.shcch, rrc.bcch.fach, rrc.bcch.bch, rrc.mcch, rrc.msch, rrc.irat.ho_to_utran_cmd, rrc.irat.irat_ho_info, rrc.sysinfo, rrc.sysinfo.cont, rrc.ue_radio_access_cap_info, rrc.si.mib, rrc.si.sib1, rrc.si.sib2, rrc.si.sib3, rrc.si.sib4, rrc.si.sib5, rrc.si.sib5bis, rrc.si.sib6, rrc.si.sib7, rrc.si.sib8, rrc.si.sib9, rrc.si.sib10, rrc.si.sib11, rrc.si.sib11bis, rrc.si.sib12, rrc.si.sib13, rrc.si.sib13-1, rrc.si.sib13-2, rrc.si.sib13-3, rrc.si.sib13-4, rrc.si.sib14, rrc.si.sib15, rrc.si.sib15bis, rrc.si.sib15-1, rrc.si.sib15-1bis, rrc.si.sib15-2, rrc.si.sib15-2bis, rrc.si.sib15-2ter, rrc.si.sib15-3, rrc.si.sib15-3bis, rrc.si.sib15-4, rrc.si.sib15-5, rrc.si.sib15-6, rrc.si.sib15-7, rrc.si.sib15-8, rrc.si.sib16, rrc.si.sib17, rrc.si.sib18, rrc.si.sib19, rrc.si.sib20, rrc.si.sib21, rrc.si.sib22, rrc.si.sb1, rrc.si.sb2, gsm_a_dtap

For GSM/GPRS: lapdm, gsm_a_sacch, gsm_a_dtap, gsm_rlcmac_dl, gsm_rlcmac_ul, llcgprs, sndcp, sndcpxid

answered 16 Oct '14, 07:59 Pascal Quantin
When you say from meta data, what does that mean? I've seen in one of the topics here that you can find the correct LTE dissector based on the link direction and channel type. Is there anything like that for GSM and WCDMA?
For WCDMA RRC you will need to know the channel type, for GPRS you will need the direction, etc. By metadata I mean the information specific to each layer allowing you to identify which dissector is required (as you cannot deduce it from the payload). Wireshark cannot do that for you. You need to add in your own application whatever logic is required to select the dissector depending on your input file or data.
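
Added example, not part of the original thread and not Wireshark code: a sketch of the selection logic the last comment describes, mapping metadata the application already holds (technology, layer, channel type, direction) to a dissector name and returning nothing when the metadata is insufficient. The function name and the metadata model are assumptions; the dissector names are a subset copied from the answer's list.

```python
# Dissector names copied from the answer above (RRC and GPRS RLC/MAC subset).
# Nothing here talks to Wireshark; it only picks the name to hand to it.
KNOWN = frozenset("""
lte-rrc.bcch.bch lte-rrc.bcch.dl.sch lte-rrc.pcch lte-rrc.mcch
lte-rrc.dl.ccch lte-rrc.dl.dcch lte-rrc.ul.ccch lte-rrc.ul.dcch
rrc.dl.dcch rrc.ul.dcch rrc.dl.ccch rrc.pcch rrc.bcch.fach rrc.bcch.bch
gsm_rlcmac_dl gsm_rlcmac_ul
""".split())

# Hypothetical (technology, layer) keys used by the calling application.
PREFIX = {("lte", "rrc"): "lte-rrc", ("umts", "rrc"): "rrc"}


def select_dissector(rat, layer, channel=None, direction=None):
    """Return a dissector name from KNOWN, or None when the metadata is
    missing, ambiguous, or maps to no listed dissector."""
    rat, layer = rat.lower(), layer.lower()
    direction = direction.lower() if direction else None
    if direction not in (None, "ul", "dl"):
        return None
    if (rat, layer) == ("gprs", "rlcmac"):
        # GPRS RLC/MAC: the direction alone decides.
        name = f"gsm_rlcmac_{direction}" if direction else None
        return name if name in KNOWN else None
    prefix = PREFIX.get((rat, layer))
    if prefix is None or not channel:
        return None
    channel = channel.lower()
    if direction:
        qualified = f"{prefix}.{direction}.{channel}"
        if qualified in KNOWN:
            return qualified
    # Unqualified names (bcch.*, pcch, mcch) are downlink-only channels,
    # so an uplink message claiming one of them is rejected.
    plain = f"{prefix}.{channel}"
    if plain in KNOWN and direction in (None, "dl"):
        return plain
    return None


if __name__ == "__main__":
    print(select_dissector("LTE", "RRC", "ccch", "ul"))  # lte-rrc.ul.ccch
    print(select_dissector("LTE", "RRC", "ccch"))        # None: direction needed
```

A `None` result is the case to surface to the user or log, rather than guessing a dissector and presenting a misleading decode.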