Wireshark mailing list archives

Re: NR-RRC Dissector


From: Anders Broman via Wireshark-users <wireshark-users () wireshark org>
Date: Wed, 30 Oct 2019 11:42:53 +0000

Hi,

If you followed the thread you could see that Pascal wrote (see below) an 
explanation why the solution I tried was wrong, so I reverted that code and the 
sample does not work, as you can see.



This might work:

text2pcap.exe -l 252 MIB.txt mib.pcapng



With the following content of the .txt file



0000   00 0c 00 18 6e 72 2d 72 72 63 2e 62 63 63 68 2e         nr-rrc.mib 6e 72 2d 72 72 63 2e 6d 69 62
0010   62 63 68 00 00 00 00 00 00 00 00 00 00 00 00 00        (nr-rrc.bcch.bch 6e 72 2d 72 72 63 2e 62 63 63 68 2e 62 63 68)
0020   06 f2 d4



Regards

Anders

Hi Keval,



based on your screenshot you seem to have a proprietary encapsulation in the 
UDP payload (we can see the string nr-rrc and a BCCH-BCH message - that 
contains a MIB - is 3 bytes long only). So presumably here the real data you 
want to decode is 0x06f2d4?

You should request to whoever defined this encapsulation the corresponding 
Wireshark dissector / plugin that calls the NR-RRC dissector. Or use another 
encapsulation method as the one described by Anders.



For the payload 06f2d4, the decoding is:

NR Radio Resource Control (RRC) protocol
    BCCH-BCH-Message
        message: mib (0)
            mib
                systemFrameNumber: 0c [bit length 6, 2 LSB pad bits, 0000 11.. decimal value 3]
                subCarrierSpacingCommon: scs15or60 (0)
                ssb-SubcarrierOffset: 15
                dmrs-TypeA-Position: pos2 (0)
                pdcch-ConfigSIB1
                    controlResourceSetZero: 5
                    searchSpaceZero: 10
                cellBarred: notBarred (1)
                intraFreqReselection: allowed (0)
                spare: 00 [bit length 1, 7 LSB pad bits, 0... .... decimal value 0]



Best regards,

Pascal.







From: Manoj Kumar <manoj () wisig com>
Sent: 30 October 2019 12:13
To: Anders Broman <anders.broman () ericsson com>
Cc: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] NR-RRC Dissector



Dear Anders Broman,



Thanks for your email.

Yes, I went through this; it's just showing EXPORTED_PDU while I'm opening 
the .pcapng file. What should I do so that I'll get the MIB info also?



Thanks & Regards,

Manoj



On Wed, Oct 30, 2019 at 2:50 PM Anders Broman <anders.broman () ericsson com> wrote:

Hi,

Did you check the replies to your previous mails?

https://www.wireshark.org/lists/wireshark-users/201910/msg00019.html

Regards

Anders





From: Wireshark-users <wireshark-users-bounces () wireshark org> On Behalf Of Manoj Kumar
Sent: 29 October 2019 13:02
To: wireshark-users () wireshark org
Subject: [Wireshark-users] NR-RRC Dissector



Dear all,



Here I'm mentioning some queries, which are given below:



1. I am trying to dissect NR-RRC message i.e. MIB packet, but it is not 
dissecting.

Could you please help me, so that it would dissect MIB of NR-RRC?



2. Is there any NR-RRC over the UDP protocol being used?

Please share the relevant information w.r.t. the above questions.



I tried on Wireshark-3.0.1, Wireshark-3.0.5, & Wireshark-3.1.0.



Kindly, help me to get a solution for the above queries.



Thanks & Regards,

Manoj Kumar
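
Added example (not part of the original mails and not Wireshark code): a Python parser that splits the bytes of the text2pcap input quoted above into the Exported PDU tag list and the payload, then unpacks the 3-byte payload 06f2d4 bit by bit to reproduce Pascal's decoding. The tag numbers (12 for the dissector name, 0 for end of options) and the MIB field widths are assumptions taken from the Exported PDU format and the 3GPP TS 38.331 MIB definition; the function names are hypothetical.

```python
import struct

# Bytes of the text2pcap input quoted in the mail (offsets 0x0000-0x0022).
SAMPLE = bytes.fromhex(
    "000c0018" + "6e722d7272632e626363682e626368" + "00" * 9  # tag 12, len 0x18, padded name
    + "00000000" + "06f2d4")                                   # end-of-options tag, payload
TAG_END_OF_OPT = 0    # assumed from the Exported PDU format: ends the tag list
TAG_PROTO_NAME = 12   # assumed: value is the name of the dissector to call


def parse_exported_pdu(data):
    """Split one Exported PDU record into ({tag: value}, payload)."""
    tags, pos = {}, 0
    while True:
        if pos + 4 > len(data):
            raise ValueError("truncated tag header")
        tag, length = struct.unpack_from(">HH", data, pos)
        pos += 4
        if pos + length > len(data):
            raise ValueError("tag value runs past the end of the record")
        if tag == TAG_END_OF_OPT:
            return tags, data[pos + length:]
        tags[tag] = data[pos:pos + length]
        pos += length


def decode_mib(payload):
    """Unpack a 3-byte BCCH-BCH-Message (24 bits, MSB first) into integers."""
    if len(payload) != 3:
        raise ValueError("expected exactly 3 bytes")
    bits, left = int.from_bytes(payload, "big"), 24
    def take(n):
        nonlocal left
        left -= n
        return (bits >> left) & ((1 << n) - 1)
    if take(1) != 0:
        raise ValueError("message choice is not mib (0)")
    return {  # field widths assumed from the TS 38.331 MIB definition
        "systemFrameNumber": take(6),
        "subCarrierSpacingCommon": take(1),
        "ssb-SubcarrierOffset": take(4),
        "dmrs-TypeA-Position": take(1),
        "controlResourceSetZero": take(4),
        "searchSpaceZero": take(4),
        "cellBarred": take(1),
        "intraFreqReselection": take(1),
        "spare": take(1),
    }
```

Running parse_exported_pdu(SAMPLE) shows why the dump has 13 zero bytes after "bch": 9 pad the name to the declared 0x18 bytes and 4 form the end-of-options tag, leaving 06 f2 d4 as the payload.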
