That's exactly what I was looking for, and does the trick. Thanks!
On 30/11/2007, Luis EG Ontanon <[EMAIL PROTECTED]> wrote: > > You could use a user dlt and assign sccp to it. > > See http://wiki.wireshark.org/HowToDissectAnything > > > On Nov 30, 2007 1:50 AM, James Lee <[EMAIL PROTECTED]> wrote: > > Hi. I'm trying to use wireshark to decode raw SCCP packets; i.e. the > > contents of an SCCP packet sent over an SS7 link, but where we have only > the > > packet from the SCCP layer upwards available (so none of the lower-layer > > protocols like MTP3, MTP2, etc.). > > > > Now I'm trying to do this by outputting the contents of the SCCP message > to > > a binary ASCII file, and then running text2pcap over it as follows: > > "text2pcap -l 142 input.txt output.pcap" - where 142 is the value of > > DLT_SCCP which should be the correct link-layer type here I believe? > > Text2pcap is perfectly happy and produces an pcap output file. > > > > > > When I try to load this file in wireshark, I just get an error > complaining > > about an unknown link layer type of 142. For comparison, I've tried > running > > the exact same text2pcap command but with "-l 141" (which is DLT_MTP3), > and > > wireshark opens the file happily and tries to display an mtp3 packet > (though > > the contents is incorrect as this binary file doesn't contain an mtp3 > > header). > > > > From this, and from looking at the source code it looks like wireshark > > doesn't support decoding raw SCCP packets unless I'm missing something - > is > > this correct? If so, then is there a simple way for me to be able to > use > > wireshark and its associated tools to decode raw SCCP packets? Can I > get > > text2pcap to add a dummy MTP3 header (in the same way as it adds dummy > > UDP/TCP and lower headers to IP traffic)? Is my only option to get my > > application to output packets including an MTP3 header? Is there a more > > direct way to get wireshark to decode binary data for a single packet? > > > > Any help would be much appreciated here. > > _______________________________________________ > > Wireshark-dev mailing list > > Wireshark-dev@wireshark.org > > http://www.wireshark.org/mailman/listinfo/wireshark-dev > > > > > > > > -- > This information is top security. When you have read it, destroy yourself. > -- Marshall McLuhan > _______________________________________________ > Wireshark-dev mailing list > Wireshark-dev@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-dev >
_______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
