This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Unknown SCTP Payload Protocol Id (SABP)

1

Hi!

I am using wire shark version 1.4.6 and when i send encoded SABP (Service Area Broadcast Protocol) packet (WRITE REPLACE message) over SCTP (Stream Control Transmission Protocol) the SCTP Payload protocol identifier is Unknown (31).

However i found two links where SABP is defined as PPI=31 and it's used over SCTP.

  1. http://wiki.wireshark.org/SABP
  2. http://anonsvn.wireshark.org/wireshark/trunk/epan/dissectors/packet-sctp.c

Could some one please help me on this or have a SCTP trace whith SABP message?

Thanks.

Stream Control Transmission Protocol, Src Port: 3452 (3452), Dst Port: 3452 (3452)
Source port: 3452
Destination port: 3452
Verification tag: 0x1500d017
Checksum: 0x745fed2a (not verified)
DATA chunk(unordered, complete segment, TSN: 476389665, SID: 0, SSN: 0, PPID: 31, payload length: 49 bytes)
    Chunk type: DATA (0)
        0... .... = Bit: Stop processing of the packet
        .0.. .... = Bit: Do not report
    Chunk flags: 0x07
        .... ...1 = E-Bit: Last segment
        .... ..1. = B-Bit: First segment
        .... .1.. = U-Bit: Unordered delivery
        .... 0... = I-Bit: Possibly delay SACK
    Chunk length: 65
    TSN: 476389665
    Stream Identifier: 0x0000
    Stream sequence number: 0
    Payload protocol identifier: Unknown (31)
    Chunk padding: 000000
Data (49 bytes)
0000  00 00 00 2d 00 00 06 00 07 40 02 53 75 00 0f 40   [email protected]@
0010  09 00 00 03 e6 79 d1 3f f7 64 00 0d 40 02 0a 63   [email protected]
0020  00 09 40 02 18 d8 00 04 40 01 39 00 00 40 02 11   [email protected]@[email protected]
0030  c4                                                .
Data: 0000002d000006000740025375000f4009000003e679d13f...
[Length: 49]

asked 22 Nov '11, 01:32

sifu's gravatar image

sifu
31337
accept rate: 0%


One Answer:

0

Upgrade to a newer version (e.g., 1.6.x).

To see what is used for the 1.4.x series, you have to look at the source code for that (pretty old now) version.

answered 22 Nov '11, 06:40

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Actually you need a development version a SABP dissector was recently added.

(22 Nov '11, 09:39) Anders ♦

My bad :-) I was thinking of sbc-ap

(22 Nov '11, 09:48) Anders ♦

Thanks, I have just installed wireshark 1.6.4 on ubuntu 11.04 and it solves my problem. Actually Ubuntu Software Center and Synaptic only propose 1.4.6.

(23 Nov '11, 01:05) sifu