Ask Your Question
0

GSM DTAP malformed packet

asked 2020-04-24 14:50:16 +0000

Hello everyone.

I've got a packet that is technical a call setup from a PRI plugged into a Cisco AS5400. This message is passed via IUA to a server.

Wireshark sees this as "Stream Control Transmission Protocol" > ISDN Q.921-User Adaptation Layer > Radio Signalling Link (RSL) > GSM A-I/F DTAP.

Wireshark complains that this is a malformed GSM DTAP message. And doesn't seem to display any of the raw ISDN message as it comes off the PRI (I'm looking for stuff like called number, source number..etc). I know it's in this particular packet, Because it can be seen in the lower raw section.

I'm not really sure what the message should be. But I don't think it's RSL. Disabling RSL and GSM DTAP just leave the data undecoded.

Screenshot

http://cdn.141networks.com/images/mal...

image description

edit retag flag offensive close merge delete

Comments

Have you played around with the various dissection preferences of the protocols?

Jaap gravatar imageJaap ( 2020-04-24 18:25:34 +0000 )edit

Yes, Took a few settings to even get it this far. Specifically the RUDP port and some MTP3 stuff. However, I've not been able to find GSM A-I/F DTAP in the protocols portion of preferences. If I right click on the field in the capture. I get the option to "disable GSM DTAP". Which seems to mean I should find it in the protocol list. But I've not found it. Closest thing is GSMTAP. And none of the settings there make any difference.

nick@141networks.com gravatar image[email protected] ( 2020-04-24 19:11:15 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-04-25 13:25:38 +0000

Anders gravatar image

updated 2020-04-27 07:50:07 +0000

Look at the IUA preferences, you probably want to uncheck Use GSM SAPI values

edit flag offensive delete link more

Comments

That was it. Thanks so much!

nick@141networks.com gravatar image[email protected] ( 2020-04-27 14:34:07 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-04-24 14:50:16 +0000

Seen: 58 times

Last updated: Apr 27