James Lee wrote: > Hi. I'm trying to use wireshark to decode raw SCCP packets; i.e. the > contents of an SCCP packet sent over an SS7 link, but where we have only > the packet from the SCCP layer upwards available (so none of the > lower-layer protocols like MTP3, MTP2, etc.). > > Now I'm trying to do this by outputting the contents of the SCCP message > to a binary ASCII file, and then running text2pcap over it as follows: > "text2pcap -l 142 input.txt output.pcap" - where 142 is the value of > DLT_SCCP which should be the correct link-layer type here I believe? > Text2pcap is perfectly happy and produces an pcap output file. > > When I try to load this file in wireshark, I just get an error > complaining about an unknown link layer type of 142. For comparison, > I've tried running the exact same text2pcap command but with "-l 141" > (which is DLT_MTP3), and wireshark opens the file happily and tries to > display an mtp3 packet (though the contents is incorrect as this binary > file doesn't contain an mtp3 header). > > From this, and from looking at the source code it looks like wireshark > doesn't support decoding raw SCCP packets unless I'm missing something - > is this correct? If so, then is there a simple way for me to be able to
Yes, Wireshark was not set up to use this DLT value. It's a bit late, I know, but I just added support for it in rev 24119. _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
