This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am developing an application in C# using wireshark and I need to find the right dissector programmatically. By now I can dissect a LTE message but I need to put the dissector manually everytime. I would like to know how I can do that with the program finding the correct dissector by itself. Also, is there any list of LTE, WCDMA and GSM wireshark dissectors?

Thanks in advance.

asked 16 Oct '14, 06:13

lsilva's gravatar image

lsilva
11335
accept rate: 0%

edited 16 Oct '14, 06:13


You cannot deduce which dissector you need from the message dump itself: there is nothing at the beginning of the payload giving you the protocol to be used. Instead you need to know it from some meta data or proprietary information.

Regarding the list of 2G/3G/4G dissectors, it is quite long.

For LTE: mac-lte (needs meta data that can be provided through UDP framing protocol, see http://wiki.wireshark.org/MAC-LTE), rlc-lte (needs meta data that can be provided through UDP framing protocol, see http://wiki.wireshark.org/RLC-LTE), pdcp-lte (needs meta data that can be provided through UDP framing protocol, see http://wiki.wireshark.org/PDCP-LTE), lte-rrc.bcch.bch, lte-rrc.bcch.dl.sch, lte-rrc.pcch, lte-rrc.dl.ccch, lte-rrc.dl.dcch, lte-rrc.ul.ccch, lte-rrc.ul.dcch, lte-rrc.mcch, nas-eps, nas-eps_plain

For UMTS: mac.fdd.rach, mac.fdd.fach, mac.fdd.pch, mac.fdd.dch, mac.fdd.edch, mac.fdd.edch.type2, mac.fdd.hsdsch, rlc.bcch, rlc.pcch, rlc.ccch, rlc.ctch, rlc.dcch, rlc.ps_dtch, rlc.dch_unknown, rrc.dl.dcch, rrc.ul.dcch, rrc.dl.ccch, rrc.pcch, rrc.dl.shcch, rrc.ul.shcch, rrc.bcch.fach, rrc.bcch.bch, rrc.mcch, rrc.msch, rrc.irat.ho_to_utran_cmd, rrc.irat.irat_ho_info, rrc.sysinfo, rrc.sysinfo.cont, rrc.ue_radio_access_cap_info, rrc.si.mib, rrc.si.sib1, rrc.si.sib2, rrc.si.sib3, rrc.si.sib4, rrc.si.sib5, rrc.si.sib5bis, rrc.si.sib6, rrc.si.sib7, rrc.si.sib8, rrc.si.sib9, rrc.si.sib10, rrc.si.sib11, rrc.si.sib11bis, rrc.si.sib12, rrc.si.sib13, rrc.si.sib13-1, rrc.si.sib13-2, rrc.si.sib13-3, rrc.si.sib13-4, rrc.si.sib14, rrc.si.sib15, rrc.si.sib15bis, rrc.si.sib15-1, rrc.si.sib15-1bis, rrc.si.sib15-2, rrc.si.sib15-2bis, rrc.si.sib15-2ter, rrc.si.sib15-3, rrc.si.sib15-3bis, rrc.si.sib15-4, rrc.si.sib15-5, rrc.si.sib15-6, rrc.si.sib15-7, rrc.si.sib15-8, rrc.si.sib16, rrc.si.sib17, rrc.si.sib18, rrc.si.sib19, rrc.si.sib20, rrc.si.sib21, rrc.si.sib22, rrc.si.sb1, rrc.si.sb2, gsm_a_dtap

For GSM/GPRS: lapdm, gsm_a_sacch, gsm_a_dtap, gsm_rlcmac_dl, gsm_rlcmac_ul, llcgprs, sndcp, sndcpxid

permanent link

answered 16 Oct '14, 07:59

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%

When you say from meta data, what does that mean? I've seen in one of the topics here that you can find the correct LTE dissector based on the link direction and channel type. Is there anything like that to GSM and WCDMA?

(23 Oct '14, 12:12) lsilva

For WCDMA RRC you will need to know the channel type, for GPRS you will need the direction, etc. By metadata I mean the information specific to each layer allowing you to identify which dissector is required (as you cannot deduce it from the payload). Wireshark cannot do that for you. You need to add I your own application whatever logic is required to select the dissector depending on your input file or data.

(23 Oct '14, 13:08) Pascal Quantin
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×637
×37
×36
×5

question asked: 16 Oct '14, 06:13

question was seen: 3,213 times

last updated: 23 Oct '14, 13:09

p​o​w​e​r​e​d by O​S​Q​A