Greetings! I'm attempting to use Wireshark to decode (among other protocols) some ss7/sigtran tcap/map messaging. My protocol stacks are (from the inside out):
I'm not much of an ss7 so I kind of fumble with some of the lower layers. (Yes, I have set MTP3 standard to ANSI in my preferences.) I'm in the wireless ansi world so I have "simple" map transactions such as LOCREQ and locreq response messages and then I have WIN transactions such as ORREQ and orreq response messages.

All the versions of Wireshark I've tried support decoding the initial commands (e.g. LOCREQ and ORREQ). However, none of the versions will decode the response messages (locreq or orreq). What gets even more curious is that Ethereal v0.99.0 will decode the ORREQ, orreq and locreq. However, it does not decode LOCREQ. I have ZERO desire to run Ethereal, but I would like to be able to decode my messages.

I've searched a bit and have found references to some issues that were being dealt with a couple of years back with (I think) some ss7 decoding issues. Unfortunately, I did find the final resolution to that issue. Should I be able to decode my ansi map and win messages with the current version of Wireshark? Have I missed a preference setting somewhere? Any and all help would be most appreciated!

asked 14 Sep '10, 12:18 jmyhre
2 Answers:
If you have a printout like "Dissector for ANSI TCAP NATIONAL code:0 not implemented. Contact Wireshark developers if you want this supported", chances are that the problem is as described in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4466: "As ANSI TCAP responses does not contain a operation code Wireshark tries to match Responses to Invokes based on Source Destination and Identifier". This has to be fixed in the code or change to GSM/UMTS/LTE :-))

answered 14 Sep '10, 13:46 Anders ♦
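The matching described in the bug report quoted above, sketched as an added example (not part of the original answer and not Wireshark's code): a response carries no operation code, so it can only be named by finding the invoke with the same identifier and swapped source and destination. The `Msg` fields, the address strings and the transaction IDs are constructed for illustration.

```python
# Added illustration; not Wireshark source code.
from typing import NamedTuple, Optional


class Msg(NamedTuple):
    src: str               # originating address (constructed values below)
    dst: str               # destination address
    tid: int               # TCAP transaction identifier
    kind: str              # "invoke" or "result"
    opcode: Optional[str]  # present on invokes only


class Correlator:
    """Recover the operation of a response from the invoke it answers."""

    def __init__(self):
        self._pending = {}  # (src, dst, tid) of the invoke -> operation name

    def label(self, m):
        if m.kind == "invoke":
            # Remember which operation was started on this transaction.
            self._pending[(m.src, m.dst, m.tid)] = m.opcode
            return m.opcode
        # A response travels the other way, so swap the addresses.
        op = self._pending.pop((m.dst, m.src, m.tid), None)
        if op is None:
            # Invoke not in the capture, or addresses rewritten in transit.
            return "unknown (no matching invoke)"
        return op.lower()  # the page's convention: locreq answers LOCREQ


def label_capture(msgs):
    c = Correlator()
    return [c.label(m) for m in msgs]


# Constructed sample capture.
SAMPLE = [
    Msg("msc-1", "hlr-1", 0x1001, "invoke", "LOCREQ"),
    Msg("hlr-1", "msc-1", 0x1001, "result", None),
    Msg("msc-1", "scp-1", 0x1002, "invoke", "ORREQ"),
    Msg("scp-1", "msc-1", 0x1002, "result", None),
    Msg("hlr-1", "msc-1", 0x2000, "result", None),  # invoke never captured
]

if __name__ == "__main__":
    for m, name in zip(SAMPLE, label_capture(SAMPLE)):
        print(f"{m.src} -> {m.dst} tid={m.tid:#06x} {m.kind:6} {name}")
```

The last sample message shows the failure case: with no stored invoke for that key, the response cannot be tied to an operation.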
Thanks for the response. I'd hoped it'd be an issue with something I had (or had not) configured. Unfortunately, it sounds like an issue with the complexity of the ansi tcap/map specification. Looks like I'll just have to keep ethereal around for when I need help in decoding a response message.

answered 14 Sep '10, 15:33 jmyhre
"Ethereal" is the name that the program now called "Wireshark" used to have; what

"All the versions of Wireshark I've tried support decoding the initial commands (e.g. LOCREQ and ORREQ). However, none of the versions will decode the response messages (locreq or orreq). What gets even more curious is that Ethereal v0.99.0 will decode the ORREQ, orreq and locreq. However, it does not decode LOCREQ."

really means is "it could decode orreq and locreq in 0.99.0, but, at some point after 0.99.0, it couldn't decode them". That's a bug; file it at bugs.wireshark.org (with a capture if possible).