THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

LTE RRC dissector, are packets being misinterpreted ???

Hi friends,

I found a divergence in LTE packet interpretation. In wireshark 2.2.7 seems to be correct, but in the newer 2.6.5 it seems wrong.

If you can see in the images, at version 2.2.7 the packet number 63246 is being interpreted with protocol LTE RRC UL_DCCH/NAS-EPS (Uplink) and the info shows RRCConnectionSetupComplete.

But at 2.6.5, the same packet is being interpreted with protocol LTE RRC BCCH_BCH and the info shows MasterInformationBlock (SFN=78).

The packets from Uplink direction apparently are being interpreted as Broadcast.

Does anyone knows if this is realy a bug in the wireshark 2.6.5 implementation ?

WIRESHARK 2.2.7: https://ibb.co/WPhcLnc

WIRESHARK 2.6.5: https://ibb.co/YXVv93C

Sergio Z Arnosti's avatar
1
Sergio Z Arnosti
asked 2018-12-28 17:14:30 +0000, updated 2018-12-28 17:15:36 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Hi Sergio,

based on the pictures you have one or several custom dissectors between the UDP payload and the call to the LTE RRC dissector (by custom I mean not part of the official Wireshark distribution). The bug must be here as I can ensure you that the LTE RRC dissector is not buggy in 2.6.5 version. Presumably your custom dissector is not calling the right LTE RRC dissector. Without knowing more about it, I cannot help further but you should review this code part.

Pascal Quantin's avatar
5.8k
Pascal Quantin
answered 2018-12-28 17:46:38 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Hi Pascal,

Thank you for the reply.

We are using a third part dissector for the FAPI messages.

With the wireshark 2.2.7 it works fine, but the same dissector with the 2.6.5 not. I made the proper modifications in the FAPI dissector to work with the new wireshark, but it is only giving problem with the RRC messages in the Uplink direction, I saw that had a lot of modifications in the RRC dissector from 2.2.7 to 2.6.5, for this reason I decided to ask here.\

I will try to find where the fapi dissector calls the RRC. If you have more advice, I will appreciate.

Thanks

Sergio Z Arnosti's avatar Sergio Z Arnosti (2018-12-28 17:58:35 +0000) edit
more
  • delete

hi, Sergio could you please share the dissector of FAPI to me? i am looking for it a long time. you can reach me by [email protected], thanks a lot!

babycrazy80's avatar babycrazy80 (2019-12-06 01:20:02 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer