This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

3GPP PCAP asn1

0

Wireshark uses 3GPP TS 25.453 V11.0.0 specification for PCAP. I would like to use 3GPP TS 25.453 V9.1.0 for Wireshark decoding. Is it possible to rebuild Wireshark with a change of protocol Spec. How can I di this.

Thank you in advance

asked 24 Oct '17, 04:44

oaa's gravatar image

oaa
6445
accept rate: 0%

One Answer:

0

Are you sure you need an earlier version? Most of the time it's backwards compatible. If you need to rebuild you could check the history to see if the dissector was built with the version you require. If not you need to replace the asn1 files under dissectors/asn1/pcap with the version you want and adjust the .cnf file to fit that version. Then rebuild the dissector and rebuild wireshark. The method depends a bit on the OS you want to build for.

answered 24 Oct '17, 07:27

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

Anders, thank you for your help.

Unfortunately PCAP is encoded in Aligned Packed Encoding Rules (APER) ASN1.1 that is very sensitive to specification Version.

What is the ".cnf" file purpose?

Thank you in advance

(25 Oct '17, 00:50) oaa