You could use a user dlt and assign sccp to it. See http://wiki.wireshark.org/HowToDissectAnything
On Nov 30, 2007 1:50 AM, James Lee <[EMAIL PROTECTED]> wrote:
> Hi. I'm trying to use wireshark to decode raw SCCP packets; i.e. the
> contents of an SCCP packet sent over an SS7 link, but where we have only the
> packet from the SCCP layer upwards available (so none of the lower-layer
> protocols like MTP3, MTP2, etc.).
>
> Now I'm trying to do this by outputting the contents of the SCCP message to
> a binary ASCII file, and then running text2pcap over it as follows:
> "text2pcap -l 142 input.txt output.pcap" - where 142 is the value of
> DLT_SCCP which should be the correct link-layer type here I believe?
> Text2pcap is perfectly happy and produces a pcap output file.
>
>
> When I try to load this file in wireshark, I just get an error complaining
> about an unknown link layer type of 142. For comparison, I've tried running
> the exact same text2pcap command but with "-l 141" (which is DLT_MTP3), and
> wireshark opens the file happily and tries to display an mtp3 packet (though
> the contents are incorrect as this binary file doesn't contain an mtp3
> header).
>
> From this, and from looking at the source code it looks like wireshark
> doesn't support decoding raw SCCP packets unless I'm missing something - is
> this correct? If so, then is there a simple way for me to be able to use
> wireshark and its associated tools to decode raw SCCP packets? Can I get
> text2pcap to add a dummy MTP3 header (in the same way as it adds dummy
> UDP/TCP and lower headers to IP traffic)? Is my only option to get my
> application to output packets including an MTP3 header? Is there a more
> direct way to get wireshark to decode binary data for a single packet?
>
> Any help would be much appreciated here.
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@wireshark.org
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
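
The user-DLT approach suggested in the reply, as an added example that is not part of the original thread or of Wireshark's code: it wraps raw SCCP bytes in a classic pcap file with link type 147 (DLT_USER0) instead of 142. The sample message bytes, the output file name and the helper names are constructed for illustration; the tshark preference string in the comment assumes a current Wireshark release.

```python
import struct

DLT_USER0 = 147  # first of the user-reserved link types (147-162)

# Constructed sample: a minimal SCCP UDT-shaped message, SCCP layer upwards only
# (no MTP2/MTP3 header), as described in the question.
SAMPLE_SCCP = bytes.fromhex("090003050702420802420603010203")


def build_pcap(packets, linktype=DLT_USER0, snaplen=65535):
    """Return a classic little-endian pcap file holding the raw payloads."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for i, pkt in enumerate(packets):
        # Record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", i, 0, len(pkt), len(pkt)) + pkt
    return out


def read_pcap(blob):
    """Parse a file produced by build_pcap; return (linktype, [payloads])."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", blob, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    offset, payloads = 24, []
    while offset < len(blob):
        _, _, caplen, _ = struct.unpack_from("<IIII", blob, offset)
        offset += 16
        if offset + caplen > len(blob):
            raise ValueError("truncated packet record")
        payloads.append(blob[offset:offset + caplen])
        offset += caplen
    return linktype, payloads


if __name__ == "__main__":
    with open("sccp_user0.pcap", "wb") as fh:
        fh.write(build_pcap([SAMPLE_SCCP]))
    # Then map the user DLT to the sccp dissector, for example:
    #   tshark -r sccp_user0.pcap -V \
    #     -o 'uat:user_dlts:"User 0 (DLT=147)","sccp","0","","0",""'
```

The same mapping can be set in the Wireshark GUI under the DLT_USER protocol preferences (encapsulations table, payload protocol `sccp`). With text2pcap, passing `-l 147` instead of `-l 142` produces an equivalent file.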