This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireshark unable to decode sua/gsm_map traffic

0

Hi,

I am using wire shark version 1.6 and i am sending SUA traffic. It decodes up to SCCP layer and unable to decode tcap/map layer(it is displaying as raw data). Please see the below output

Stream Control Transmission Protocol, Src Port: 14002 (14002), Dst Port: sua (14001)
    Source port: 14002
    Destination port: 14001
    Verification tag: 0x000048c4
    Checksum: 0x2a1e43db (not verified)
    DATA chunk(unordered, complete segment, TSN: 341282439, SID: 11, SSN: 0, PPID: 4, payload length: 196 bytes)
        Chunk type: DATA (0)
            0... .... = Bit: Stop processing of the packet
            .0.. .... = Bit: Do not report
        Chunk flags: 0x07
            .... ...1 = E-Bit: Last segment
            .... ..1. = B-Bit: First segment
            .... .1.. = U-Bit: Unordered delivery
        .... 0... = I-Bit: Possibly delay SACK
        Chunk length: 212
        TSN: 341282439
        Stream Identifier: 0x000b
        Stream sequence number: 0
        Payload protocol identifier: SUA (4)
SS7 SCCP-User Adaptation Layer
    Version: Release 1 (1)
    Reserved: 00
    Message Class: Connectionless messages (7)
    Message Type: Connectionless Data Transfer (CLDT) (1)
    Message Length: 196
    Data (SS7 message of 72 bytes)
        Parameter Tag: Data (0x010b)
        Parameter Length: 76
        Data: 62464804000000016b1e281c060700118605010101a01160...
    Routing context (1 context)
        Parameter Tag: Routing context (0x0006)
        Parameter Length: 8
        Routing context: 1
    Protocol class (0)
        Parameter Tag: Protocol class (0x0115)
        Parameter Length: 8
        Reserved: 000000
        Protocol Class
            0... .... = Return On Error Bit: No Special Options
            .000 0000 = Protocol Class: 0
    Source address
        Parameter Tag: Source address (0x0102)
        Parameter Length: 44
        Routing Indicator: Route on Global Title (1)
        Address Indicator
            0000 0000 0000 0... = Reserved Bits: 0
            .... .... .... .1.. = Include GT: True
            .... .... .... ..1. = Include PC: True
            .... .... .... ...1 = Include SSN: True
        **Subsystem number (150)**
            Parameter Tag: Subsystem number (0x8003)
            Parameter Length: 8
            Reserved: 000000
            Subsystem Number: 150
        Point code (7164)
            Parameter Tag: Point code (0x8002)
            Parameter Length: 8
            Point Code: 7164
        Global title
            Parameter Tag: Global title (0x8001)
            Parameter Length: 18
            Reserved: 000000
            GTI: 0x04
            Number of Digits: 12
            Translation Type: 0x00
            Numbering Plan: ISDN/Telephony Numbering Plan (Rec. E.161 and E.164) (0x01)
            Nature of Address: International Number (0x04)
            Address information (digits): 553496629991
            Padding: 0000
    Destination address
        Parameter Tag: Destination address (0x0103)
        Parameter Length: 44
        Routing Indicator: Route on Global Title (1)
        Address Indicator
            0000 0000 0000 0... = Reserved Bits: 0
            .... .... .... .1.. = Include GT: True
            .... .... .... ..1. = Include PC: True
            .... .... .... ...1 = Include SSN: True
        **Subsystem number (0)**
            Parameter Tag: Subsystem number (0x8003)
            Parameter Length: 8
            Reserved: 000000
            **Subsystem Number: 0**
        Point code (7112)
            Parameter Tag: Point code (0x8002)
            Parameter Length: 8
            Point Code: 7112
        Global title
            Parameter Tag: Global title (0x8001)
            Parameter Length: 20
            Reserved: 000000
            GTI: 0x04
            Number of Digits: 15
            Translation Type: 0x00
            Numbering Plan: ISDN/Mobile Numbering Plan (Rec. E.214) (0x07)
            Nature of Address: International Number (0x04)
            Address information (digits): 550320300029365
    Sequence control (138)
        Parameter Tag: Sequence control (0x0116)
        Parameter Length: 8
        Sequence Control: 138
Data (72 bytes)

0000 62 46 48 04 00 00 00 01 6b 1e 28 1c 06 07 00 11 bFH…..k.(….. 0010 86 05 01 01 01 a0 11 60 0f 80 02 07 80 a1 09 06 …….`…….. 0020 07 04 00 00 01 00 0e 03 6c 1e a1 1c 02 04 00 00 ……..l……. 0030 00 01 02 01 38 30 11 80 08 27 34 02 03 00 92 63 ….80…'4….c 0040 05 02 01 01 05 00 81 00 …….. Data: 62464804000000016b1e281c060700118605010101a01160… [Length: 72]

Is it because of ssn number being used as ‘0’?

Could some one please help me on this?

Thanks, Ravi

asked 08 Jul ‘11, 07:28

rakolla's gravatar image

rakolla
1111
accept rate: 0%

edited 13 Jan ‘12, 12:24

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196

I tried with 0 for my traces but nothing changed, I am able to see as before. Could you please share your results, moreover whats the value configured for SUA, I mean the RFC. Thanks

(13 Jan ‘12, 11:51) gsmguy


One Answer:

1

Is it because of ssn number being used as '0'? Yes You need to set the ssn preference of gsm_map to 0 in this case. Regards Anders

answered 10 Jul '11, 09:01

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

edited 10 Jul '11, 16:59

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142

it worked! Thanks Anders

(11 Jul '11, 00:28) rakolla