Wireshark mailing list archives
Re: rrc-lte over udp
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Sat, 2 Jan 2016 21:40:42 +0100
Le 2 janv. 2016 9:22 PM, "Karunkaran Kumar" <skam4kumar () gmail com> a écrit :
Hi all, I recently learned about the LTE support on wireshark -- mac-lte,
rlc-lte, pdcp-lte and rrc-lte.
The heuristic dissection (i.e., using UDP framing) of the lower layers
(i.e., mac,rlc,pdcp) fits my needs exactly.
However, the rrc-lte apparently does not have have such an analogous UDP
framing format and heuristic dissection. (Kindly correct me if I am wrong).
I am actually in need of such a functionality. I however do not want to
add pseudo mac/rlc headers and use the existing UDP framing. So is it a good idea to try and write a heuristic dissector for this?
As far as my understanding goes, I would require one TAG field perpended
to the RRC packet, which would identify the type of the RRC packet -- i.e., BCCH.BCH, BCCH.DL.SCH, DL.CCCH, PCCH, etc...
The reason I think so, is because the 3GPP message decoder (
http://3gppdecoder.free.fr/?q=node/1) given in the RRC-LTE web page ( https://wiki.wireshark.org/LTE%20RRC) takes a byte stream and a combo-box with these options (BCCH.BCH, BCCH.DL.SCH, DL.CCCH, PCCH, etc...) alone for decoding the packet.
Could anyone kindly advise me on this. Is this correct and whether or not
it is a good idea to do this... I saw that few others have also wanted such a similar heuristic decoder for rrc, however they were suggested workarounds as mentioned above (using pseudo mac/rlc layer).
Looking forward to a reply, with regards, k kumar PS: I am a HUGE fan of Wireshark. :)
Hi Kumar, I'm not sure adding another UDP based heuristic dissector in the official source code base for LTE RRC would be really useful (as the only thing needed is to identify the PDU type which corresponds to a specific dissector already registered by name, contrary to MAC/RLC/PDCP dissectors that usually request more meta data). You have several ways to handle this yourself though: - write your own UDP based plugin or embedded dissector that would do the framing you are suggesting (it is very easy to do) - use Wireshark Upper PDUs DLT format (see https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/exported_pdu.h;h=087c91ec8ac4a396fa89e667bf07f12b804c2547;hb=HEAD for more details). I'm using it myself for some tools and it perfectly fit your need - assign a user DLT to each PDU type and configure Wireshark to call the corresponding dissector Best regards, Pascal.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- rrc-lte over udp Karunkaran Kumar (Jan 02)
- Re: rrc-lte over udp Pascal Quantin (Jan 02)
- Re: rrc-lte over udp Karunkaran Kumar (Jan 03)
- Re: rrc-lte over udp Pascal Quantin (Jan 03)
- Re: rrc-lte over udp Karunkaran Kumar (Jan 04)
- Re: rrc-lte over udp Karunkaran Kumar (Jan 03)
- Re: rrc-lte over udp Pascal Quantin (Jan 02)
- Duplicate heuristic short_name "XYZ" Oleksii Shevchuk (Jan 03)
- Re: Duplicate heuristic short_name "XYZ" Michael Mann (Jan 03)
- Re: Duplicate heuristic short_name "XYZ" Guy Harris (Jan 03)
- Re: Duplicate heuristic short_name "XYZ" Michael Mann (Jan 03)