Re: issue regarding run-time heuristic dissecting NR -RRC .

[Pascal Quantin <pascal () wireshark org>]

Hi Vikas,

Le mer. 26 févr. 2020 à 07:25, Vikas Theng <thengvikas2017 () gmail com> a
écrit :

> Hello ,
> I am trying to dissect mac-nr exported pdu, it is showing mac-nr in
> wireshark but not able to dissect complete message.
> I have added mac exported pdu heuristics and mac nr heuristics. please
> find attachment.

Based on the screenshot I can spot several errors:
- you should use the tag EXP_PDU_TAG_HEUR_PROTO_NAME and not
EXP_PDU_TAG_PROTO_NAME as you want to use the mac-nr heuristic dissector
- the exported PDU payload should be directly the UDP payload, so starting
with 6d6163. Remove the first 10 zeroes

Best regards,
Pascal.


> On Fri, Feb 7, 2020 at 7:26 PM Pascal Quantin <pascal () wireshark org>
> wrote:
>
> > Hi Vikas,
> >
> > Le ven. 7 févr. 2020 à 14:42, Vikas Theng <thengvikas2017 () gmail com> a
> > écrit :
> >
> > > Hello.,
> > >  I am trying to dissect the runtime MIB message, but runtime It is
> > > showing only LLC protocol.
> > > When I am converting text to pcap using text2pcap -l 252 file.txt
> > > file.pacpng and load file pcap file manually it is showing NR RRC protocol
> > > but run-time it is failing and showing LLC protocol. please guide me.
> >
> > your text2pcap command creates a file with a linktype set to 252 which
> > corresponds to WIreshark Upper PDU format.
> > Whatever mechanism you use to generate your runtime stream should use
> > this linktype if you want to be able to decode it. If another linktype is
> > given in the stream, you will get a wrong decoding (like LLC for example).
> > Alternatively you could write your own encapsulation protocol running on
> > top of a well known UDP port for example, and then a small dissector
> > calling the relevant NR RRC dissector when required (based on some meta
> > data you would transmit in the UDP payload, along with the NR RRC message
> > dump).
> >
> > Best regards,
> > Pascal.
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> > Archives:    https://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
> >              mailto:wireshark-users-request () wireshark org
> > ?subject=unsubscribe
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe