Greetings! Hoping someone can help me. In a trace from a customer, I have three DTAP messages that are giving Wireshark grief in trying to dissect them. I've put in bold the protocol discriminator octet and the message type octet:
GSM A-I/F DTAP - Unknown DTAP Message Type (0x03)
Protocol Discriminator: Mobility Management messages (5)
.... 0101 = Protocol discriminator: Mobility Management messages (0x05)
0000 .... = Skip Indicator: No indication of selected PLMN (0)
00.. .... = Sequence number: 0
..00 0011 = DTAP Mobility Management Message Type: Unknown (0x03)
0000 00 50 56 be 6e 10 00 13 5f e1 d4 00 08 00 45 00 .PV.n…_…..E.
0010 00 50 00 00 40 00 36 11 b6 f9 0a 4a 00 d7 ac 1c [email protected]
0020 d6 66 ca ce 12 79 00 3c f5 3e 02 04 01 00 82 00 .f…y.<.>……
0030 00 00 00 15 52 7b 07 00 00 00 03 00 fd 05 03 15 ….R{……….
0040 10 36 00 b0 28 43 80 17 c0 87 ff f2 b8 41 4a 02 .6..(C…….AJ.
0050 04 18 38 02 80 a1 98 1a ba c5 32 00 00 00 ..8…….2…
GSM A-I/F DTAP - Unknown DTAP Message Type (0x01)
Protocol Discriminator: Radio Resources Management messages (6)
…. 0110 = Protocol discriminator: Radio Resources Management messages (0x06)
0000 …. = Skip Indicator: No indication of selected PLMN (0)
DTAP Radio Resources Management Message Type: Unknown (0x01)
0000 00 50 56 be 6e 10 00 13 5f e1 d4 00 08 00 45 00 .PV.n…_…..E.
0010 00 38 00 00 40 00 36 11 b7 11 0a 4a 00 d7 ac 1c [email protected]
0020 d6 66 ca ce 12 79 00 24 e1 73 02 04 01 00 82 00 .f…y.$.s……
0030 00 00 00 15 52 7b 07 00 00 00 03 00 fd 06 01 a2 ….R{……….
0040 e7 fc 23 0b c8 00 ..#…
GSM A-I/F DTAP - Unknown DTAP Message Type (0x00)
Protocol Discriminator: Call Control; call related SS messages (3)
…. 0011 = Protocol discriminator: Call Control; call related SS messages (0x03)
0… …. = TI flag: allocated by sender
.000 …. = TIO: 0
00.. …. = Sequence number: 0
..00 0000 = DTAP Call Control Message Type: Unknown (0x00)
0000 00 50 56 be 6e 10 00 13 5f e1 d4 00 08 00 45 00 .PV.n…_…..E.
0010 00 3d 00 00 40 00 36 11 b7 0c 0a 4a 00 d7 ac 1c [email protected]
0020 d6 66 ca ce 12 79 00 29 7b 55 02 04 01 00 82 00 .f…y.){U……
0030 00 00 00 15 52 7b 07 00 00 00 03 00 fd 03 00 31 ….R{………1
0040 4a 00 99 ff 20 80 0b 10 13 01 18 J… ……
I’m not inclined to think this is interference, because these three messages come up regularly and I don’t think a mangled message would make it that far up the protocol stack.
Any help is appreciated!
asked 14 Aug ‘15, 09:22
tiger762
11●3●3●7
accept rate: 0%