Re: Staus of ASN.1 dissectors - RRC and NAS-EPS (for LTE)

[Anders Broman <anders.broman () ericsson com>]

Hi,
WS does not crash for me Version 1.5.1 (SVN Rev 35978 from /trunk) it's malformed. I can see that the packet is ony 
byte short
compared with the text version. Probably a fault in text2pcap. You can try the new feature to import text imput from 
the GUI
File->import.
text2pacap might work better if you have the trailing ... there , like
0000   07 41 71 08 29 26 08 30 00 00 00 04 05 80 c0 00  .Aq.)&.0........
0010   00 00 00 04 02 01 d0                                           .......

Or add an extra 00
I've included the fixed .pcap
Regards
Anders

________________________________
From: Karl-Heinz ECKSTEIN [mailto:karl-heinz.eckstein () stericsson com]
Sent: den 18 februari 2011 11:17
To: Developer support list for Wireshark
Cc: Vincent HELFRE ; Anders Broman; Fatih ARDIC ; Karl-Heinz ECKSTEIN
Subject: RE: [Wireshark-dev] Staus of ASN.1 dissectors - RRC and NAS-EPS (for LTE)

Hello Vincent,
Hello Anders,

It looks like we all have a common mother!  :) Interesting!
Many thanks for your hints!
Right now have the problem, that we receive a crash on wireshark, when we open the pcap file including one NAS-EPS(LTE) 
message.
The error message tells us:  "Runtime Error! - Program: C:\Program Files\Wireshark\wireshark.exe - This application has 
requested the Runtime to terminate it in an unusual way. Please contact the application support team for more 
information."

What we have done before?
We "captured" a NAS (LTE) message outside of wireshark. This message was just extracted from a trace line, we receive 
from LTE platform (UE). This NAS message is expected to be correct.
Then we translated this text line (adding  a '000000' in front of the NAS message) to pcap format. We use the command:
"c:\Program Files\Wireshark\text2pcap.exe" -l 147 NAS_message_test_6.txt NAS_message_test_6.pcap
We use a preference setup for the User 0 (DLT-147) and reference to protocol NAS-EPS in wireshark. (User 0 (DLT=147), 
NAS-EPS,0,""',0,""
When we start wireshark, we crash.

Do we something wrong, or could it be an error?

Many thanks!


Best regards
Karl Heinz Eckstein





From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Anders Broman
Sent: Donnerstag, 17. Februar 2011 18:45
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Staus of ASN.1 dissectors - RRC and NAS-EPS (for LTE)

Hi,
Both the NAS-EPS dissector and the LTE-RRC dissector are fairly well updated however you need to call them by using a 
User DLT
or something like that.
Regards
Anders

________________________________
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Karl-Heinz 
ECKSTEIN
Sent: den 17 februari 2011 18:00
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] Staus of ASN.1 dissectors - RRC and NAS-EPS (for LTE)
Hello,
May I ask, which status is applicable on ASN.1, especially dissector of RRC and NAS-EPS.
I'm asking, because I'm trying to dissector a pcap file, which I had generated via text2pcap from a LTE NAS message.
The NAS message is not "decoded"/dissectored by wireshark in my example. But NAS-EPS is available in Filters but not in 
preferences.
I'm using latest 1.5.1 build.

Many thanks for any help about this.
Best regards
Karl Heinz Eckstein

Attachment: NAS_message_test_6-1.pcap
Description: NAS_message_test_6-1.pcap

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe