Wireshark mailing list archives
Re: mux27010 capture
From: Lars Poeschel <poeschel () lemonage de>
Date: Wed, 14 Jan 2015 11:26:48 +0100
I am sorry for messing up the mail's thread ID, but it is very hard to answer a mail when one is not the recipient oneself. I am not subscribed to the mailing list.
> On 1/2/2015 5:42 AM, poeschel () lemonage de wrote:
>> Hello!
>>
>> I have to debug a problem with the multiplex protocol of a GSM modem. I came across Wireshark being able to dissect the mux27010 protocol, which would be of big value to me. I did manage to capture some mux data from the UART, but that does not seem to fit what Wireshark expects.
>>
>> Here is my setup: I have a GSM modem connected to the UART of an ARM processor running Linux. In Linux the n_gsm mux driver is attached to the UART and does the muxing. I now modified the n_gsm driver to hand me out a copy of the data it sends to the UART right before it leaves the mux driver.
>>
>> Okay, I now have captured data, and what I capture this way looks valid to me according to the mux spec in 3GPP TS 07.10 V7.2.0. I then convert this data to a hexdump with od -Ax -tx1 -v as stated in the Wireshark documentation, and this is what I import to Wireshark using the Import from hex dump... dialog. There I select my file and MUX27010 as encapsulation type.
>>
>> The dissection Wireshark then does is garbage. In the MUX27010 protocol Wireshark expects an extended header which I do not have in my capture and which I cannot find in the specification. If I remove this extended header part from the dissector and compile Wireshark, it correctly dissects the first (and only the first) mux packet for me.
>>
>> So my questions are: Where does this extended header come from and what does it contain? As it does not seem to be part of the mux specification (and it is very unlikely to be seen on the UART line), I suspect some capturing tool is injecting this data. What is the preferred way of capturing this mux data?
>>
>> Thanks in advance,
>> Lars
>
> I'm not familiar with the protocol but the following may help:
> http://www.tcpdump.org/linktypes/LINKTYPE_MUX27010.html

Thanks for that. I did not know this. If I understand this right, this does not comply with the 3GPP specification, but is instead a special Siemens/Cinterion variant of the protocol that is not compatible with the original 3GPP protocol. It would be great to note that fact somewhere in the Wireshark code and/or in the Wireshark docs.

Bill, thanks again for your reply. That helped me a lot.

Lars
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe