This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I find the correct dissector programmatically?

0

I am developing an application in C# using wireshark and I need to find the right dissector programmatically. By now I can dissect a LTE message but I need to put the dissector manually everytime. I would like to know how I can do that with the program finding the correct dissector by itself. Also, is there any list of LTE, WCDMA and GSM wireshark dissectors?

Thanks in advance.

asked 16 Oct '14, 06:13

lsilva's gravatar image

lsilva
11335
accept rate: 0%

edited 16 Oct '14, 06:13


One Answer:

0

You cannot deduce which dissector you need from the message dump itself: there is nothing at the beginning of the payload giving you the protocol to be used. Instead you need to know it from some meta data or proprietary information.

Regarding the list of 2G/3G/4G dissectors, it is quite long.

For LTE: mac-lte (needs meta data that can be provided through UDP framing protocol, see http://wiki.wireshark.org/MAC-LTE), rlc-lte (needs meta data that can be provided through UDP framing protocol, see http://wiki.wireshark.org/RLC-LTE), pdcp-lte (needs meta data that can be provided through UDP framing protocol, see http://wiki.wireshark.org/PDCP-LTE), lte-rrc.bcch.bch, lte-rrc.bcch.dl.sch, lte-rrc.pcch, lte-rrc.dl.ccch, lte-rrc.dl.dcch, lte-rrc.ul.ccch, lte-rrc.ul.dcch, lte-rrc.mcch, nas-eps, nas-eps_plain

For UMTS: mac.fdd.rach, mac.fdd.fach, mac.fdd.pch, mac.fdd.dch, mac.fdd.edch, mac.fdd.edch.type2, mac.fdd.hsdsch, rlc.bcch, rlc.pcch, rlc.ccch, rlc.ctch, rlc.dcch, rlc.ps_dtch, rlc.dch_unknown, rrc.dl.dcch, rrc.ul.dcch, rrc.dl.ccch, rrc.pcch, rrc.dl.shcch, rrc.ul.shcch, rrc.bcch.fach, rrc.bcch.bch, rrc.mcch, rrc.msch, rrc.irat.ho_to_utran_cmd, rrc.irat.irat_ho_info, rrc.sysinfo, rrc.sysinfo.cont, rrc.ue_radio_access_cap_info, rrc.si.mib, rrc.si.sib1, rrc.si.sib2, rrc.si.sib3, rrc.si.sib4, rrc.si.sib5, rrc.si.sib5bis, rrc.si.sib6, rrc.si.sib7, rrc.si.sib8, rrc.si.sib9, rrc.si.sib10, rrc.si.sib11, rrc.si.sib11bis, rrc.si.sib12, rrc.si.sib13, rrc.si.sib13-1, rrc.si.sib13-2, rrc.si.sib13-3, rrc.si.sib13-4, rrc.si.sib14, rrc.si.sib15, rrc.si.sib15bis, rrc.si.sib15-1, rrc.si.sib15-1bis, rrc.si.sib15-2, rrc.si.sib15-2bis, rrc.si.sib15-2ter, rrc.si.sib15-3, rrc.si.sib15-3bis, rrc.si.sib15-4, rrc.si.sib15-5, rrc.si.sib15-6, rrc.si.sib15-7, rrc.si.sib15-8, rrc.si.sib16, rrc.si.sib17, rrc.si.sib18, rrc.si.sib19, rrc.si.sib20, rrc.si.sib21, rrc.si.sib22, rrc.si.sb1, rrc.si.sb2, gsm_a_dtap

For GSM/GPRS: lapdm, gsm_a_sacch, gsm_a_dtap, gsm_rlcmac_dl, gsm_rlcmac_ul, llcgprs, sndcp, sndcpxid

answered 16 Oct '14, 07:59

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%

When you say from meta data, what does that mean? I've seen in one of the topics here that you can find the correct LTE dissector based on the link direction and channel type. Is there anything like that to GSM and WCDMA?

(23 Oct '14, 12:12) lsilva

For WCDMA RRC you will need to know the channel type, for GPRS you will need the direction, etc. By metadata I mean the information specific to each layer allowing you to identify which dissector is required (as you cannot deduce it from the payload). Wireshark cannot do that for you. You need to add I your own application whatever logic is required to select the dissector depending on your input file or data.

(23 Oct '14, 13:08) Pascal Quantin