Wireshark mailing list archives
Re: ASN1 deode issue in H248 message
From: Anders Broman <a.broman () bredband net>
Date: Mon, 13 Feb 2012 22:26:14 +0100
Alex Lindberg skrev 2012-02-13 21:49:
When decoding an H248 ANS1 V1 message, the following TVB is presented to dissect_h248_sequence function (epan/dissectors/packet-ber.c)I think you need to add code to one of the h248 package sub dissectors that deals with this event or30 06 80 02 00 02 81 00 which is interpreted as: 00.. .... = Class: UNIVERSAL (0) ..1. .... = P/C: Constructed Encoding ...1 0000 = Tag: SEQUENCE (16) Length: 6 10.. .... = Class: CONTEXT (2) ..0. .... = P/C: Primitive Encoding ...0 0000 = Tag: 0 Length: 2 eventParamterName: 0002 10.. .... = Class: CONTEXT (2) ..0. .... = P/C: Primitive Encoding ...0 0001 = Tag: 1 Length: 0 value:The issue is that the 2nd value of the sequence in this case is a Boolean value but the decode shows a length of zero instead.Is there a way round this issue?
add a new sub dissector if non exists for the package in question. Regards Anders
Thanks as always. Alex Lindberg ___________________________________________________________________________ Sent via: Wireshark-dev mailing list<wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- ASN1 deode issue in H248 message Alex Lindberg (Feb 13)
- Re: ASN1 deode issue in H248 message Anders Broman (Feb 13)