Wireshark mailing list archives
not able to decode TCAP/GSM_MAP/GSM_SMS protocol layers
From: "Zak, Pavel" <Pavel.Zak () acision com>
Date: Thu, 29 Jul 2010 11:53:03 +0200
Hi, I currently have wireshark 1.2.9 and I'm not able to decode M3UA traffic exchanged between SMSC and STP. Decoding ends up on ETH/IP/SCTP/M3UA/SCCP layer and the rest is non decoded raw data. Could anyone tell me what's wrong in the traffic? Please see HTML output bellow (left side correctly decoded, right side incorrectly). Thank you, Pavel 1 No. Time Source Destination Protocol Info = 1 No. Time Source Destination Protocol Info 2 106 2009-07-21 17:44:28.055408 16262 16317 GSM SMS invoke mo-forwardSM <> 2 224 2010-07-28 20:46:13.015670 168855 168706 SCCP (Int. ITU) UDT 3 = 3 4 Frame 106 (230 bytes on wire, 230 bytes captured) <> 4 Frame 224 (202 bytes on wire, 202 bytes captured) 5 Arrival Time: Jul 21, 2009 17:44:28.055408000 5 Arrival Time: Jul 28, 2010 20:46:13.015670000 6 [Time delta from previous captured frame: 0.099000000 seconds] 6 [Time delta from previous captured frame: 0.009999000 seconds] 7 [Time delta from previous displayed frame: 0.099000000 seconds] 7 [Time delta from previous displayed frame: 0.009999000 seconds] 8 [Time since reference or first frame: 4.899035000 seconds] 8 [Time since reference or first frame: 1.969952000 seconds] 9 Frame Number: 106 9 Frame Number: 224 10 Frame Length: 230 bytes 10 Frame Length: 202 bytes 11 Capture Length: 230 bytes 11 Capture Length: 202 bytes 12 [Frame is marked: False] = 12 [Frame is marked: False] 13 [Protocols in frame: eth:ip:sctp:m3ua:sccp:tcap:gsm_map:gsm_sms] <> 13 [Protocols in frame: eth:ip:sctp:m3ua:sccp:data] 14 Ethernet II, Src: Pentacom_53:f8:00 (00:d0:04:53:f8:00), Dst: HewlettP_ab:00:e6(00:17:a4:ab:00:e6) 14 Ethernet II, Src: HewlettP_79:66:1b (00:1b:78:79:66:1b), Dst: IETF-VRRP-virtual-router-VRID_d0 (00:00:5e:00:01:d0) 15 Destination: HewlettP_ab:00:e6 (00:17:a4:ab:00:e6) 15 Destination: IETF-VRRP-virtual-router-VRID_d0 (00:00:5e:00:01:d0) 16 Address: HewlettP_ab:00:e6 (00:17:a4:ab:00:e6) 16 Address: IETF-VRRP-virtual-router-VRID_d0 (00:00:5e:00:01:d0) 17 .... ...0 .... .... .... .... = IG bit: Individual address (unicast) = 17 .... ...0 .... .... .... .... = IG bit: Individual address (unicast) 18 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) 18 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) 19 Source: Pentacom_53:f8:00 (00:d0:04:53:f8:00) <> 19 Source: HewlettP_79:66:1b (00:1b:78:79:66:1b) 20 Address: Pentacom_53:f8:00 (00:d0:04:53:f8:00) 20 Address: HewlettP_79:66:1b (00:1b:78:79:66:1b) 21 .... ...0 .... .... .... .... = IG bit: Individual address (unicast) = 21 .... ...0 .... .... .... .... = IG bit: Individual address (unicast) 22 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) 22 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) 23 Type: IP (0x0800) 23 Type: IP (0x0800) 24 Internet Protocol, Src: 192.168.144.213 (192.168.144.213), Dst: 192.168.138.194(192.168.138.194) <> 24 Internet Protocol, Src: 10.0.57.8 (10.0.57.8), Dst: 10.0.60.35(10.0.60.35) 25 Version: 4 = 25 Version: 4 26 Header length: 20 bytes 26 Header length: 20 bytes 27 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 27 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 28 0000 00.. = Differentiated Services Codepoint: Default (0x00) 28 0000 00.. = Differentiated Services Codepoint: Default (0x00) 29 .... ..0. = ECN-Capable Transport (ECT): 0 29 .... ..0. = ECN-Capable Transport (ECT): 0 30 .... ...0 = ECN-CE: 0 30 .... ...0 = ECN-CE: 0 31 Total Length: 216 <> 31 Total Length: 188 32 Identification: 0x294f (10575) 32 Identification: 0xdc78 (56440) 33 Flags: 0x00 = 33 Flags: 0x00 34 0.. = Reserved bit: Not Set 34 0.. = Reserved bit: Not Set 35 .0. = Don't fragment: Not Set 35 .0. = Don't fragment: Not Set 36 ..0 = More fragments: Not Set 36 ..0 = More fragments: Not Set 37 Fragment offset: 0 37 Fragment offset: 0 38 Time to live: 250 <> 38 Time to live: 64 39 Protocol: SCTP (0x84) = 39 Protocol: SCTP (0x84) 40 Header checksum: 0xf969 [correct] <> 40 Header checksum: 0x141b [correct] 41 [Good: True] = 41 [Good: True] 42 [Bad : False] 42 [Bad : False] 43 Source: 192.168.144.213 (192.168.144.213) <> 43 Source: 10.0.57.8 (10.0.57.8) 44 Destination: 192.168.138.194 (192.168.138.194) 44 Destination: 10.0.60.35 (10.0.60.35) 45 Stream Control Transmission Protocol, Src Port: 2906 (2906), Dst Port: 2906 (2906) 45 Stream Control Transmission Protocol, Src Port: m3ua (2905), Dst Port: 12138 (12138) 46 Source port: 2906 46 Source port: 2905 47 Destination port: 2906 47 Destination port: 12138 48 Verification tag: 0x08c9a1e4 48 Verification tag: 0x000027f6 49 Checksum: 0x37791c7d (not verified) 49 Checksum: 0x298cf244 (not verified) 50 DATA chunk(ordered, complete segment, TSN: 610068268, SID: 1, SSN: 1614, PPID: 3, payload length: 168 bytes) 50 DATA chunk(unordered, complete segment, TSN: 767836188, SID: 1, SSN: 0, PPID: 3, payload length: 140 bytes) 51 Chunk type: DATA (0) = 51 Chunk type: DATA (0) 52 0... .... = Bit: Stop processing of the packet 52 0... .... = Bit: Stop processing of the packet 53 .0.. .... = Bit: Do not report 53 .0.. .... = Bit: Do not report 54 Chunk flags: 0x03 <> 54 Chunk flags: 0x07 55 .... ...1 = E-Bit: Last segment = 55 .... ...1 = E-Bit: Last segment 56 .... ..1. = B-Bit: First segment 56 .... ..1. = B-Bit: First segment 57 .... .0.. = U-Bit: Ordered delivery <> 57 .... .1.. = U-Bit: Unordered delivery 58 .... 0... = I-Bit: Possibly delay SACK = 58 .... 0... = I-Bit: Possibly delay SACK 59 Chunk length: 184 <> 59 Chunk length: 156 60 TSN: 610068268 60 TSN: 767836188 61 Stream Identifier: 0x0001 = 61 Stream Identifier: 0x0001 62 Stream sequence number: 1614 <> 62 Stream sequence number: 0 63 Payload protocol identifier: M3UA (3) = 63 Payload protocol identifier: M3UA (3) 64 MTP 3 User Adaptation Layer 64 MTP 3 User Adaptation Layer 65 Version: Release 1 (1) 65 Version: Release 1 (1) 66 Reserved: 0x00 66 Reserved: 0x00 67 Message class: Transfer messages (1) 67 Message class: Transfer messages (1) 68 Message type: Payload data (DATA) (1) 68 Message type: Payload data (DATA) (1) 69 Message length: 168 <> 69 Message length: 140 70 Routing context (1 context) = 70 Routing context (1 context) 71 Parameter Tag: Routing context (6) 71 Parameter Tag: Routing context (6) 72 Parameter length: 8 72 Parameter length: 8 73 Routing context: 2000 <> 73 Routing context: 101000 74 Protocol data (SS7 message of 134 bytes) 74 Protocol data (SS7 message of 108 bytes) 75 Parameter Tag: Protocol data (528) = 75 Parameter Tag: Protocol data (528) 76 Parameter length: 150 <> 76 Parameter length: 124 77 OPC: 16262 77 OPC: 168855 78 DPC: 16317 78 DPC: 168706 79 SI: SCCP (3) = 79 SI: SCCP (3) 80 NI: 3 <> 80 NI: 2 81 MP: 0 = 81 MP: 0 82 SLS: 1 <> 82 SLS: 47 83 MTP3 equivalents = 83 MTP3 equivalents 84 OPC: 16262 <> 84 OPC: 168855 85 DPC: 16317 85 DPC: 168706 86 PC: 16262 86 PC: 168855 87 PC: 16317 87 PC: 168706 88 NI: 3 88 NI: 2 89 Padding: 0000 90 Signalling Connection Control Part = 89 Signalling Connection Control Part 91 Message Type: Extended Unitdata (0x11) <> 90 Message Type: Unitdata (0x09) 92 .... 0001 = Class: 0x01 91 .... 0000 = Class: 0x00 93 1000 .... = Message handling: Return message on error (0x08) = 92 1000 .... = Message handling: Return message on error (0x08) 94 Hop Counter: 0x0e <> 95 Pointer to first Mandatory Variable parameter: 4 93 Pointer to first Mandatory Variable parameter: 3 96 Pointer to second Mandatory Variable parameter: 15 94 Pointer to second Mandatory Variable parameter: 12 97 Pointer to third Mandatory Variable parameter: 26 95 Pointer to third Mandatory Variable parameter: 21 98 Pointer to Optional parameter: 124 99 Called Party address (11 bytes) 96 Called Party address (9 bytes) 100 Address Indicator = 97 Address Indicator 101 .1.. .... = Routing Indicator: Route on SSN (0x01) <> 98 .0.. .... = Routing Indicator: Route on GT (0x00) 102 ..01 00.. = Global Title Indicator: Translation Type, Numbering Plan, EncodingScheme, and Nature of Address Indicator included (0x04) 99 ..00 10.. = Global Title Indicator: Translation Type only(0x02) 103 .... ..1. = SubSystem Number Indicator: SSN present (0x01) 100 .... ..0. = SubSystem Number Indicator: SSN not present (0x00) 104 .... ...0 = Point Code Indicator: Point Code not present (0x00) 101 .... ...1 = Point Code Indicator: Point Code present (0x01) 105 SubSystem Number: MSC (Mobile Switching Center) (8) 102 ..00 1010 0000 0110 = PC: 2566 106 [Linked to TCAP, TCAP SSN linked to GSM_MAP] 107 Global Title 0x4 (9 bytes) 103 Global Title 0x2 (6 bytes) 108 Translation Type: 0x00 104 Translation Type: 0x61 109 0001 .... = Numbering Plan: ISDN/telephony (0x01) 110 .... 0010 = Encoding Scheme: BCD, even number of digits (0x02) 111 .000 0100 = Nature of Address Indicator: International number (0x04) 112 Address information (digits): 393205959510 105 Address information (digits): 4722316910 113 Country Code: 39 Italy length 2 114 Calling Party address (11 bytes) 106 Calling Party address (9 bytes) 115 Address Indicator = 107 Address Indicator 116 .0.. .... = Routing Indicator: Route on GT (0x00) 108 .0.. .... = Routing Indicator: Route on GT (0x00) 117 ..01 00.. = Global Title Indicator: Translation Type, Numbering Plan, EncodingScheme, and Nature of Address Indicator included (0x04) <> 109 ..00 10.. = Global Title Indicator: Translation Type only(0x02) 118 .... ..1. = SubSystem Number Indicator: SSN present (0x01) 110 .... ..0. = SubSystem Number Indicator: SSN not present (0x00) 119 .... ...0 = Point Code Indicator: Point Code not present (0x00) 111 .... ...1 = Point Code Indicator: Point Code present (0x01) 120 SubSystem Number: MSC (Mobile Switching Center) (8) 112 ..00 1010 0000 1000 = PC: 2568 121 [Linked to TCAP, TCAP SSN linked to GSM_MAP] 122 Global Title 0x4 (9 bytes) 113 Global Title 0x2 (6 bytes) 123 Translation Type: 0x00 114 Translation Type: 0x61 124 0001 .... = Numbering Plan: ISDN/telephony (0x01) 125 .... 0010 = Encoding Scheme: BCD, even number of digits (0x02) 126 .000 0100 = Nature of Address Indicator: International number (0x04) 127 Address information (digits): 393209897010 115 Address information (digits): 1350090000 128 Country Code: 39 Italy length 2 116 Data (82 bytes) 129 .... .000 = Importance: 0x00 130 End of Optional 131 Transaction Capabilities Application Part 132 begin 117 133 Source Transaction ID 118 0000 62 50 48 04 21 f1 46 00 6b 1a 28 18 06 07 00 11 bPH.!.F.k.(..... 134 Transaction Id: 0001AC81 119 0010 86 05 01 01 01 a0 0d 60 0b a1 09 06 07 04 00 00 .......`........ 135 oid: 0.0.17.773.1.1.1 (id-as-dialogue) 120 0020 01 00 14 03 6c 2c a1 2a 02 01 4e 02 01 2d 30 22 ....l,.*..N..-0" 136 dialogueRequest 121 0030 80 07 91 61 74 22 13 96 f1 81 01 ff 82 07 91 61 ...at".........a 137 Padding: 7 122 0040 31 05 90 00 f0 88 01 00 89 08 0b 91 61 74 07 91 1...........at.. 138 protocol-version: 80 (version1) 139 1... .... = version1: True 140 application-context-name: 0.4.0.0.1.0.21.3 (shortMsgMO-RelayContext-v3) 141 components: 1 item 142 Component: invoke (1) 143 invoke 144 invokeID: 1 145 opCode: localValue (0) 146 localValue: 46 147 CONSTRUCTOR 148 CONSTRUCTOR Tag 149 Tag: 0x00 123 0050 45 f8 E. 150 Length: 44 151 Parameter (0x04) 152 Tag: 0x04 153 Length: 7 154 Data: 91932350595901 155 Parameter (0x02) 156 Tag: 0x02 157 Length: 7 158 Data: 91932310000039 159 Parameter (0x04) 160 Tag: 0x04 161 Length: 14 162 Data: 11960A8123100010660000A70141 124 Data: 6250480421F146006B1A2818060700118605010101A00D60... 163 Parameter (0x04) 164 Tag: 0x04 165 Length: 8 125 [Length: 82] 166 Data: 22821801000030F1 167 GSM Mobile Application 168 Component: invoke (1) 169 invoke 170 invokeID: 1 171 opCode: localValue (0) 172 localValue: mo-forwardSM (46) 173 sm-RP-DA: serviceCentreAddressDA (4) 174 serviceCentreAddressDA: 91932350595901 175 1... .... = Extension: No Extension 176 .001 .... = Nature of number: International Number (0x01) 177 .... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164)(0x01) 178 Address digits: 393205959510 179 Country Code: 39 Italy length 2 180 sm-RP-OA: msisdn (2) 181 msisdn: 91932310000039 182 1... .... = Extension: No Extension 183 .001 .... = Nature of number: International Number (0x01) 184 .... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164)(0x01) 185 Address digits: 393201000093 186 Country Code: 39 Italy length 2 187 sm-RP-UI: 11960A8123100010660000A70141 188 imsi: 22821801000030F1 189 TBCD digits: 222881100000031 190 GSM SMS TPDU (GSM 03.40) SMS-SUBMIT 191 0... .... = TP-RP: TP Reply Path parameter is not set in this SMS SUBMIT/DELIVER 192 .0.. .... = TP-UDHI: The TP UD field contains only the short message 193 ..0. .... = TP-SRR: A status report is not requested 194 ...1 0... = TP-VPF: TP-VP field present - relative format (2) 195 .... .0.. = TP-RD: Instruct SC to accept duplicates 196 .... ..01 = TP-MTI: SMS-SUBMIT (1) 197 TP-MR: 150 198 TP-Destination-Address - (3201000166) 199 Length: 10 address digits 200 1... .... : No extension 201 .000 .... : Type of number: (0) Unknown 202 .... 0001 : Numbering plan: (1) ISDN/telephone (E.164/E.163) 203 TP-DA Digits: 3201000166 204 TP-PID: 0 205 00.. .... : defines formatting for subsequent bits 206 ..0. .... : no telematic interworking, but SME-to-SME protocol 207 ...0 0000 : the SM-AL protocol being used between the SME and the MS (0) 208 TP-DCS: 0 209 00.. .... = Coding Group Bits: General Data Coding indication (0) 210 Special case, GSM 7 bit default alphabet 211 TP-Validity-Period: 24 hours 0 minutes 212 TP-User-Data-Length: (1) depends on Data-Coding-Scheme 213 TP-User-Data 214 A This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- not able to decode TCAP/GSM_MAP/GSM_SMS protocol layers Zak, Pavel (Jul 29)
- Re: not able to decode TCAP/GSM_MAP/GSM_SMS protocol layers Jeff Morriss (Jul 29)