Wireshark mailing list archives
not able to decode TCAP/GSM_MAP/GSM_SMS protocol layers
From: "Zak, Pavel" <Pavel.Zak () acision com>
Date: Thu, 29 Jul 2010 11:53:03 +0200
Hi,
I currently have wireshark 1.2.9 and I'm not able to decode M3UA traffic exchanged between SMSC and STP. Decoding ends
up on ETH/IP/SCTP/M3UA/SCCP layer and the rest is non decoded raw data.
Could anyone tell me what's wrong in the traffic? Please see HTML output bellow (left side correctly decoded, right
side incorrectly).
Thank you,
Pavel
1
No. Time Source Destination Protocol Info
=
1
No. Time Source Destination Protocol Info
2
106 2009-07-21 17:44:28.055408 16262 16317 GSM SMS invoke mo-forwardSM
<>
2
224 2010-07-28 20:46:13.015670 168855 168706 SCCP (Int. ITU) UDT
3
=
3
4
Frame 106 (230 bytes on wire, 230 bytes captured)
<>
4
Frame 224 (202 bytes on wire, 202 bytes captured)
5
Arrival Time: Jul 21, 2009 17:44:28.055408000
5
Arrival Time: Jul 28, 2010 20:46:13.015670000
6
[Time delta from previous captured frame: 0.099000000 seconds]
6
[Time delta from previous captured frame: 0.009999000 seconds]
7
[Time delta from previous displayed frame: 0.099000000 seconds]
7
[Time delta from previous displayed frame: 0.009999000 seconds]
8
[Time since reference or first frame: 4.899035000 seconds]
8
[Time since reference or first frame: 1.969952000 seconds]
9
Frame Number: 106
9
Frame Number: 224
10
Frame Length: 230 bytes
10
Frame Length: 202 bytes
11
Capture Length: 230 bytes
11
Capture Length: 202 bytes
12
[Frame is marked: False]
=
12
[Frame is marked: False]
13
[Protocols in frame: eth:ip:sctp:m3ua:sccp:tcap:gsm_map:gsm_sms]
<>
13
[Protocols in frame: eth:ip:sctp:m3ua:sccp:data]
14
Ethernet II, Src: Pentacom_53:f8:00 (00:d0:04:53:f8:00), Dst: HewlettP_ab:00:e6(00:17:a4:ab:00:e6)
14
Ethernet II, Src: HewlettP_79:66:1b (00:1b:78:79:66:1b), Dst: IETF-VRRP-virtual-router-VRID_d0 (00:00:5e:00:01:d0)
15
Destination: HewlettP_ab:00:e6 (00:17:a4:ab:00:e6)
15
Destination: IETF-VRRP-virtual-router-VRID_d0 (00:00:5e:00:01:d0)
16
Address: HewlettP_ab:00:e6 (00:17:a4:ab:00:e6)
16
Address: IETF-VRRP-virtual-router-VRID_d0 (00:00:5e:00:01:d0)
17
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
=
17
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
18
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
18
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
19
Source: Pentacom_53:f8:00 (00:d0:04:53:f8:00)
<>
19
Source: HewlettP_79:66:1b (00:1b:78:79:66:1b)
20
Address: Pentacom_53:f8:00 (00:d0:04:53:f8:00)
20
Address: HewlettP_79:66:1b (00:1b:78:79:66:1b)
21
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
=
21
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
22
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
22
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
23
Type: IP (0x0800)
23
Type: IP (0x0800)
24
Internet Protocol, Src: 192.168.144.213 (192.168.144.213), Dst: 192.168.138.194(192.168.138.194)
<>
24
Internet Protocol, Src: 10.0.57.8 (10.0.57.8), Dst: 10.0.60.35(10.0.60.35)
25
Version: 4
=
25
Version: 4
26
Header length: 20 bytes
26
Header length: 20 bytes
27
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
27
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
28
0000 00.. = Differentiated Services Codepoint: Default (0x00)
28
0000 00.. = Differentiated Services Codepoint: Default (0x00)
29
.... ..0. = ECN-Capable Transport (ECT): 0
29
.... ..0. = ECN-Capable Transport (ECT): 0
30
.... ...0 = ECN-CE: 0
30
.... ...0 = ECN-CE: 0
31
Total Length: 216
<>
31
Total Length: 188
32
Identification: 0x294f (10575)
32
Identification: 0xdc78 (56440)
33
Flags: 0x00
=
33
Flags: 0x00
34
0.. = Reserved bit: Not Set
34
0.. = Reserved bit: Not Set
35
.0. = Don't fragment: Not Set
35
.0. = Don't fragment: Not Set
36
..0 = More fragments: Not Set
36
..0 = More fragments: Not Set
37
Fragment offset: 0
37
Fragment offset: 0
38
Time to live: 250
<>
38
Time to live: 64
39
Protocol: SCTP (0x84)
=
39
Protocol: SCTP (0x84)
40
Header checksum: 0xf969 [correct]
<>
40
Header checksum: 0x141b [correct]
41
[Good: True]
=
41
[Good: True]
42
[Bad : False]
42
[Bad : False]
43
Source: 192.168.144.213 (192.168.144.213)
<>
43
Source: 10.0.57.8 (10.0.57.8)
44
Destination: 192.168.138.194 (192.168.138.194)
44
Destination: 10.0.60.35 (10.0.60.35)
45
Stream Control Transmission Protocol, Src Port: 2906 (2906), Dst Port: 2906 (2906)
45
Stream Control Transmission Protocol, Src Port: m3ua (2905), Dst Port: 12138 (12138)
46
Source port: 2906
46
Source port: 2905
47
Destination port: 2906
47
Destination port: 12138
48
Verification tag: 0x08c9a1e4
48
Verification tag: 0x000027f6
49
Checksum: 0x37791c7d (not verified)
49
Checksum: 0x298cf244 (not verified)
50
DATA chunk(ordered, complete segment, TSN: 610068268, SID: 1, SSN: 1614, PPID: 3, payload length: 168 bytes)
50
DATA chunk(unordered, complete segment, TSN: 767836188, SID: 1, SSN: 0, PPID: 3, payload length: 140 bytes)
51
Chunk type: DATA (0)
=
51
Chunk type: DATA (0)
52
0... .... = Bit: Stop processing of the packet
52
0... .... = Bit: Stop processing of the packet
53
.0.. .... = Bit: Do not report
53
.0.. .... = Bit: Do not report
54
Chunk flags: 0x03
<>
54
Chunk flags: 0x07
55
.... ...1 = E-Bit: Last segment
=
55
.... ...1 = E-Bit: Last segment
56
.... ..1. = B-Bit: First segment
56
.... ..1. = B-Bit: First segment
57
.... .0.. = U-Bit: Ordered delivery
<>
57
.... .1.. = U-Bit: Unordered delivery
58
.... 0... = I-Bit: Possibly delay SACK
=
58
.... 0... = I-Bit: Possibly delay SACK
59
Chunk length: 184
<>
59
Chunk length: 156
60
TSN: 610068268
60
TSN: 767836188
61
Stream Identifier: 0x0001
=
61
Stream Identifier: 0x0001
62
Stream sequence number: 1614
<>
62
Stream sequence number: 0
63
Payload protocol identifier: M3UA (3)
=
63
Payload protocol identifier: M3UA (3)
64
MTP 3 User Adaptation Layer
64
MTP 3 User Adaptation Layer
65
Version: Release 1 (1)
65
Version: Release 1 (1)
66
Reserved: 0x00
66
Reserved: 0x00
67
Message class: Transfer messages (1)
67
Message class: Transfer messages (1)
68
Message type: Payload data (DATA) (1)
68
Message type: Payload data (DATA) (1)
69
Message length: 168
<>
69
Message length: 140
70
Routing context (1 context)
=
70
Routing context (1 context)
71
Parameter Tag: Routing context (6)
71
Parameter Tag: Routing context (6)
72
Parameter length: 8
72
Parameter length: 8
73
Routing context: 2000
<>
73
Routing context: 101000
74
Protocol data (SS7 message of 134 bytes)
74
Protocol data (SS7 message of 108 bytes)
75
Parameter Tag: Protocol data (528)
=
75
Parameter Tag: Protocol data (528)
76
Parameter length: 150
<>
76
Parameter length: 124
77
OPC: 16262
77
OPC: 168855
78
DPC: 16317
78
DPC: 168706
79
SI: SCCP (3)
=
79
SI: SCCP (3)
80
NI: 3
<>
80
NI: 2
81
MP: 0
=
81
MP: 0
82
SLS: 1
<>
82
SLS: 47
83
MTP3 equivalents
=
83
MTP3 equivalents
84
OPC: 16262
<>
84
OPC: 168855
85
DPC: 16317
85
DPC: 168706
86
PC: 16262
86
PC: 168855
87
PC: 16317
87
PC: 168706
88
NI: 3
88
NI: 2
89
Padding: 0000
90
Signalling Connection Control Part
=
89
Signalling Connection Control Part
91
Message Type: Extended Unitdata (0x11)
<>
90
Message Type: Unitdata (0x09)
92
.... 0001 = Class: 0x01
91
.... 0000 = Class: 0x00
93
1000 .... = Message handling: Return message on error (0x08)
=
92
1000 .... = Message handling: Return message on error (0x08)
94
Hop Counter: 0x0e
<>
95
Pointer to first Mandatory Variable parameter: 4
93
Pointer to first Mandatory Variable parameter: 3
96
Pointer to second Mandatory Variable parameter: 15
94
Pointer to second Mandatory Variable parameter: 12
97
Pointer to third Mandatory Variable parameter: 26
95
Pointer to third Mandatory Variable parameter: 21
98
Pointer to Optional parameter: 124
99
Called Party address (11 bytes)
96
Called Party address (9 bytes)
100
Address Indicator
=
97
Address Indicator
101
.1.. .... = Routing Indicator: Route on SSN (0x01)
<>
98
.0.. .... = Routing Indicator: Route on GT (0x00)
102
..01 00.. = Global Title Indicator: Translation Type, Numbering Plan, EncodingScheme, and Nature of Address
Indicator included (0x04)
99
..00 10.. = Global Title Indicator: Translation Type only(0x02)
103
.... ..1. = SubSystem Number Indicator: SSN present (0x01)
100
.... ..0. = SubSystem Number Indicator: SSN not present (0x00)
104
.... ...0 = Point Code Indicator: Point Code not present (0x00)
101
.... ...1 = Point Code Indicator: Point Code present (0x01)
105
SubSystem Number: MSC (Mobile Switching Center) (8)
102
..00 1010 0000 0110 = PC: 2566
106
[Linked to TCAP, TCAP SSN linked to GSM_MAP]
107
Global Title 0x4 (9 bytes)
103
Global Title 0x2 (6 bytes)
108
Translation Type: 0x00
104
Translation Type: 0x61
109
0001 .... = Numbering Plan: ISDN/telephony (0x01)
110
.... 0010 = Encoding Scheme: BCD, even number of digits (0x02)
111
.000 0100 = Nature of Address Indicator: International number (0x04)
112
Address information (digits): 393205959510
105
Address information (digits): 4722316910
113
Country Code: 39 Italy length 2
114
Calling Party address (11 bytes)
106
Calling Party address (9 bytes)
115
Address Indicator
=
107
Address Indicator
116
.0.. .... = Routing Indicator: Route on GT (0x00)
108
.0.. .... = Routing Indicator: Route on GT (0x00)
117
..01 00.. = Global Title Indicator: Translation Type, Numbering Plan, EncodingScheme, and Nature of Address
Indicator included (0x04)
<>
109
..00 10.. = Global Title Indicator: Translation Type only(0x02)
118
.... ..1. = SubSystem Number Indicator: SSN present (0x01)
110
.... ..0. = SubSystem Number Indicator: SSN not present (0x00)
119
.... ...0 = Point Code Indicator: Point Code not present (0x00)
111
.... ...1 = Point Code Indicator: Point Code present (0x01)
120
SubSystem Number: MSC (Mobile Switching Center) (8)
112
..00 1010 0000 1000 = PC: 2568
121
[Linked to TCAP, TCAP SSN linked to GSM_MAP]
122
Global Title 0x4 (9 bytes)
113
Global Title 0x2 (6 bytes)
123
Translation Type: 0x00
114
Translation Type: 0x61
124
0001 .... = Numbering Plan: ISDN/telephony (0x01)
125
.... 0010 = Encoding Scheme: BCD, even number of digits (0x02)
126
.000 0100 = Nature of Address Indicator: International number (0x04)
127
Address information (digits): 393209897010
115
Address information (digits): 1350090000
128
Country Code: 39 Italy length 2
116
Data (82 bytes)
129
.... .000 = Importance: 0x00
130
End of Optional
131
Transaction Capabilities Application Part
132
begin
117
133
Source Transaction ID
118
0000 62 50 48 04 21 f1 46 00 6b 1a 28 18 06 07 00 11 bPH.!.F.k.(.....
134
Transaction Id: 0001AC81
119
0010 86 05 01 01 01 a0 0d 60 0b a1 09 06 07 04 00 00 .......`........
135
oid: 0.0.17.773.1.1.1 (id-as-dialogue)
120
0020 01 00 14 03 6c 2c a1 2a 02 01 4e 02 01 2d 30 22 ....l,.*..N..-0"
136
dialogueRequest
121
0030 80 07 91 61 74 22 13 96 f1 81 01 ff 82 07 91 61 ...at".........a
137
Padding: 7
122
0040 31 05 90 00 f0 88 01 00 89 08 0b 91 61 74 07 91 1...........at..
138
protocol-version: 80 (version1)
139
1... .... = version1: True
140
application-context-name: 0.4.0.0.1.0.21.3 (shortMsgMO-RelayContext-v3)
141
components: 1 item
142
Component: invoke (1)
143
invoke
144
invokeID: 1
145
opCode: localValue (0)
146
localValue: 46
147
CONSTRUCTOR
148
CONSTRUCTOR Tag
149
Tag: 0x00
123
0050 45 f8 E.
150
Length: 44
151
Parameter (0x04)
152
Tag: 0x04
153
Length: 7
154
Data: 91932350595901
155
Parameter (0x02)
156
Tag: 0x02
157
Length: 7
158
Data: 91932310000039
159
Parameter (0x04)
160
Tag: 0x04
161
Length: 14
162
Data: 11960A8123100010660000A70141
124
Data: 6250480421F146006B1A2818060700118605010101A00D60...
163
Parameter (0x04)
164
Tag: 0x04
165
Length: 8
125
[Length: 82]
166
Data: 22821801000030F1
167
GSM Mobile Application
168
Component: invoke (1)
169
invoke
170
invokeID: 1
171
opCode: localValue (0)
172
localValue: mo-forwardSM (46)
173
sm-RP-DA: serviceCentreAddressDA (4)
174
serviceCentreAddressDA: 91932350595901
175
1... .... = Extension: No Extension
176
.001 .... = Nature of number: International Number (0x01)
177
.... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164)(0x01)
178
Address digits: 393205959510
179
Country Code: 39 Italy length 2
180
sm-RP-OA: msisdn (2)
181
msisdn: 91932310000039
182
1... .... = Extension: No Extension
183
.001 .... = Nature of number: International Number (0x01)
184
.... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164)(0x01)
185
Address digits: 393201000093
186
Country Code: 39 Italy length 2
187
sm-RP-UI: 11960A8123100010660000A70141
188
imsi: 22821801000030F1
189
TBCD digits: 222881100000031
190
GSM SMS TPDU (GSM 03.40) SMS-SUBMIT
191
0... .... = TP-RP: TP Reply Path parameter is not set in this SMS SUBMIT/DELIVER
192
.0.. .... = TP-UDHI: The TP UD field contains only the short message
193
..0. .... = TP-SRR: A status report is not requested
194
...1 0... = TP-VPF: TP-VP field present - relative format (2)
195
.... .0.. = TP-RD: Instruct SC to accept duplicates
196
.... ..01 = TP-MTI: SMS-SUBMIT (1)
197
TP-MR: 150
198
TP-Destination-Address - (3201000166)
199
Length: 10 address digits
200
1... .... : No extension
201
.000 .... : Type of number: (0) Unknown
202
.... 0001 : Numbering plan: (1) ISDN/telephone (E.164/E.163)
203
TP-DA Digits: 3201000166
204
TP-PID: 0
205
00.. .... : defines formatting for subsequent bits
206
..0. .... : no telematic interworking, but SME-to-SME protocol
207
...0 0000 : the SM-AL protocol being used between the SME and the MS (0)
208
TP-DCS: 0
209
00.. .... = Coding Group Bits: General Data Coding indication (0)
210
Special case, GSM 7 bit default alphabet
211
TP-Validity-Period: 24 hours 0 minutes
212
TP-User-Data-Length: (1) depends on Data-Coding-Scheme
213
TP-User-Data
214
A
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary
material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to,
retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- not able to decode TCAP/GSM_MAP/GSM_SMS protocol layers Zak, Pavel (Jul 29)
- Re: not able to decode TCAP/GSM_MAP/GSM_SMS protocol layers Jeff Morriss (Jul 29)