This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decode TP4(COTP) inside CLNP

Why is there no way to force Wireshark to decode perfectly normal TP4 transport layer (it's called COTP in Wireshark terms) packets inside the CLNP network layer? All I see is "Data" and there is no way to "Decode as" or apply any other dissector. The Wireshark wiki states: "CLNP: COTP uses CLNP as its underlying network protocol." And yes, this is the case.

Example (don't see how to attach actual pcap):

15:14:34.065889 CLNP, length 65
Data PDU, hlen: 60, v: 1, lifetime: 2.5s, Segment PDU length: 65, checksum: 0x0000(unverified)
Flags [Segmentation permitted]
source address (length 20): 39.356f.0000.0001.0000.0001.0001.0000.0011.0000.00
dest   address (length 20): 39.356f.0000.0001.0000.0001.0001.0000.0022.9685.00
Data Unit ID: 0x64c0, Segment Offset: 0, Total PDU Length: 65
  Priority Option #205, length 1, value: 0x0
  undecoded non-header data, length 5
  0x0000:  0465 8d8e 15

asked 19 Dec '11, 04:10

Constantine P

edited 19 Dec '11, 04:14

How did you manage to generate TP4 traffic? I can't find any application that uses this protocol. Well... I found an ATN Linux implementation but I couldn't compile it. May I ask for your help on how to generate TP4 traffic?

(03 Aug '14, 02:52) saeedh

One Answer:

OMG, thank god we have source code:

static gboolean always_decode_transport = FALSE;

And this leads to an option inside the CLNP protocol preferences that says:

"Always try to decode NSDU as transport PDUs"

Check it and it works! I really wonder why it's not checked by default. Do people use CLNP for something else?

answered 19 Dec '11, 07:20

Constantine P
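An added example, not part of the original posts and not Wireshark's code: the five octets that tcpdump left undecoded in the question (0465 8d8e 15), parsed by hand as a class 4 transport PDU to confirm they are a well-formed TPDU. The function name `parse_tpdu` and the field names are assumptions, and normal (not extended) TPDU format is assumed.

```python
import struct

# TPDU type is the high nibble of the octet after LI (ISO/IEC 8073 / X.224).
TPDU_TYPES = {0x1: "ED", 0x2: "EA", 0x5: "RJ", 0x6: "AK", 0x7: "ER",
              0x8: "DR", 0xC: "DC", 0xD: "CC", 0xE: "CR", 0xF: "DT"}
# Types whose low nibble carries the credit (CDT) in normal format.
HAS_CREDIT = {"CR", "CC", "AK", "RJ"}

# The "undecoded non-header data, length 5" from the question.
SAMPLE = bytes.fromhex("04658d8e15")


def parse_tpdu(nsdu: bytes) -> dict:
    """Decode the fixed header of a class 4 TPDU (normal format assumed)."""
    if len(nsdu) < 2:
        raise ValueError("too short to hold LI and TPDU code")
    li, code = nsdu[0], nsdu[1]
    # LI counts the header octets that follow it; 255 is reserved.
    if li == 0xFF or li + 1 > len(nsdu):
        raise ValueError(f"length indicator {li} does not fit {len(nsdu)} octets")
    name = TPDU_TYPES.get(code >> 4)
    if name is None:
        raise ValueError(f"unknown TPDU code 0x{code:02x}")
    if li < 4:
        raise ValueError(f"{name} header shorter than the class 4 fixed part")
    out = {"li": li, "type": name,
           "dst_ref": struct.unpack_from(">H", nsdu, 2)[0]}
    if name in HAS_CREDIT:
        out["credit"] = code & 0x0F
    if name in ("CR", "CC", "DR", "DC"):
        if li < 5:
            raise ValueError(f"{name} header has no room for SRC-REF")
        out["src_ref"] = struct.unpack_from(">H", nsdu, 4)[0]
    elif name in ("DT", "ED"):
        out["eot"] = bool(nsdu[4] & 0x80)    # end-of-TSDU mark
        out["tpdu_nr"] = nsdu[4] & 0x7F      # 7-bit sequence number
    elif name in ("AK", "RJ"):
        out["yr_tu_nr"] = nsdu[4] & 0x7F     # next expected DT number
    out["payload"] = nsdu[li + 1:]           # user data after the header
    return out


if __name__ == "__main__":
    print(parse_tpdu(SAMPLE))
```
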