Hi, With what Wireshark version in this? And a (synthetic) sample capture would go a long way investigating this.
Thanks, Jaap > On 6 Dec 2023, at 12:08, Ariel Burbaickij <ariel.burbaic...@gmail.com> wrote: > > Hello all, > > we have a special setup here: SS7 E1 is converted to SCTP traffic with the > following basic schema (I cannot share capture itself, just in case): > -- there are no INITs, HEARTBEATs/ACK, SACKs, just DATA chunks sent in both > directions as containers then for the traffic on higher layers . > --each linkset, of which there are many, is represented like this: > 1.1.1.1 <-> 2.2.2.2 > 3.3.3.3 <-> 4.4.4.4 > 5.5.5.5 <-> 6.6.6.6 > etc. > so, that one and the same IP address is never re-used for several > associations and <-> means bidirectional traffic. All associations use the > same port 2904 on both sides. > > > vtags used per direction are last two bytes of the source IP in the least > significant bytes of vtag field, so for the second association it is: > > 0x00000303 from 3.3.3.3 to 4.4.4.4 > and > 0x00000404 from 4.4.4.4 to 3.3.3.3 > etc. > > and TSNs are verified to be accurate too. > > Now, upon selecting the packet from, say 3.3.3.3 to 4.4.4.4 and "Analyse > this Association", we get multi-homed association reported with always larger > vtag reported as part of association, so as a matter of example: > > Endpoint 1 is 1.1.1.1 and 3.3.3.3 (vtag 0x00000303) > Endpoint 2 is 2.2.2.2 and 4.4.4.4 (vtag 0x00000404) > > so, why does analysis fail here, where it should not ? > > Kind Regards > Ariel Burbaickij > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
