If Wireshark captures packets after Initiate Service (such as Initiate-Request and Initiate-Response), Wireshark dissects the message down to ISO8823 OSI Presentation Protocol, but the presentation data can't be decoded as MMS. How do I get the MMS portion to decode properly? Network packet:
Dissection result from Wireshark 1.2.9:
Hi,
That is because there is nothing in that packet saying what the data is except the presentation-context-identifier; to know what the presentation-context is, the setup information is needed. It might be possible to create "decode as" functionality, but no one has written code to do that yet.
Regards,
Anders

Re: "to know what the presentation-context is the setup information is needed": thanks, but what do you mean? What setup information? Additionally, mms-ethereal can dissect that packet the same as before. Why can't Wireshark (any version)?
(12 Sep '11, 21:56)
ylda_ljm0620
The information in "initiate-request and initiate-response" is needed to know what the presentation context is. I would guess that it worked earlier at the expense of some other protocol, misinterpreting something as MMS.
(12 Sep '11, 22:28)
Anders ♦
(please use "add a comment" instead of adding a new answer when responding, see the FAQ for details)
(12 Sep '11, 22:36)
SYN-bit ♦♦
Sorry, I will add a comment. "initiate-request and initiate-response" means Initiate-RequestPDU and Initiate-ResponsePDU in ISO/FDIS 9506-2.
(12 Sep '11, 23:50)
ylda_ljm0620
When a 61850 server associates to a 61850 client, they have MMS packets, just Initiate-RequestPDU and Initiate-ResponsePDU. If Wireshark is started and captures first, and then the 61850 server associates to the 61850 client, the presentation data can be decoded as MMS. If the 61850 server associates to the 61850 client first, and then Wireshark is started and captures, the presentation data can't be decoded as MMS.
(12 Sep '11, 23:50)
ylda_ljm0620
I am sorry. "Add a comment" does not let me write the following, so I answer again. mms-ethereal dissects as:
(13 Sep '11, 00:01)
ylda_ljm0620
Sounds like you should open up a bug report and attach the two examples, e.g. the one working and the one when it's not working.
(13 Sep '11, 05:45)
Anders ♦
2
Hi, go to Edit->preferences->protocol->PRES and edit the users context table: enter context = 3 and OID = 1.0.9506.2.3, and your trace will be dissected as MMS.
(13 Sep '11, 06:39)
Anders ♦
Thanks. It works in the Wireshark interface. But how do I set the parameters of "tshark" if I hope to use tshark to convert the MMS packet as before to text (like the result of 'enter context = 3 and OID = 1.0.9506.2.3')? If I enter "tshark -r d:sg1.pcap -V -T text > d:sg1.txt", "single-ASN1-type: A029020201B5A423A121A01F301DA01BA1191A0944455035..." appears in the text.
(14 Sep '11, 01:42)
ylda_ljm0620
I think once you set the setting in the Wireshark GUI, the tshark interface will pick up those changes, as long as you are the same user. I'm on Linux and that is what happens for me. But I think you should be able to access that table from tshark directly, but I don't know the syntax.
(14 Sep '11, 12:57)
iondiode
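
The mapping discussed in this thread, as an added example that is not part of the original posts or Wireshark's own code: it parses a constructed presentation-context-definition-list (the setup information) and shows that context 3 resolves to MMS only when the setup was captured or a manual table entry supplies the OID. The helper names and the sample bytes are assumptions made for illustration.

```python
# Added example; helper names are hypothetical and the bytes are constructed.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER TLV (single-byte tags only)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode BER OBJECT IDENTIFIER contents to dotted notation."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                     # last byte of this arc
            arcs.append(acc)
            acc = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(map(str, head + arcs[1:]))

def parse_context_list(buf):
    """Map presentation-context-identifier -> abstract syntax OID."""
    tag, body, _ = read_tlv(buf, 0)
    if tag != 0xA4:                          # [4] context definition list
        raise ValueError("not a presentation-context-definition-list")
    contexts, pos = {}, 0
    while pos < len(body):
        _, item, pos = read_tlv(body, pos)   # one SEQUENCE per context
        _, ctx_id, p = read_tlv(item, 0)     # INTEGER identifier
        _, oid, _ = read_tlv(item, p)        # abstract-syntax-name
        contexts[int.from_bytes(ctx_id, "big")] = decode_oid(oid)
    return contexts

def resolve(ctx_id, negotiated, user_table):
    """Prefer what the capture negotiated; fall back to the analyst's table."""
    return negotiated.get(ctx_id) or user_table.get(ctx_id)

# Constructed sample: context list as sent during presentation setup.
CONTEXT_LIST = bytes.fromhex(
    "a423" "300f" "020101" "060452010001" "3004" "06025101"
    "3010" "020103" "060528ca220203" "3004" "06025101")
USER_TABLE = {3: "1.0.9506.2.3"}             # the entry given in the thread

if __name__ == "__main__":
    print("setup captured:", resolve(3, parse_context_list(CONTEXT_LIST), {}))
    print("mid-session, no table:", resolve(3, {}, {}))
    print("mid-session, user table:", resolve(3, {}, USER_TABLE))
```

A manual table entry is an assertion by the analyst rather than something the capture proves, so it is only consulted when the negotiated mapping is missing.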
