How can I get Wireshark to decode ISO SES/PRES/ACSE on top of UDP?

asked 2020-07-16 05:54:42 +0000

I'm trying to debug an issue on Philips MX40 wireless patient monitors over a Cisco CAPWAP WLAN infrastructure. I have a capture from the AP wired port and Wireshark opens up CAPWAP ok to show the MX40 to PiC traffic. According to Philips doc, the protocol is ACSE ISO 8650 on top of UDP port 24008. I want to decode that UDP port as SES but Wireshark does not give me that protocol option in the "Decode As" window drop down box. Can anyone suggest how to do it?

answered 2020-07-16 06:49:35 +0000

Anders

5023 ●97 ●58

Hi, It seams like it's only dissected over cotp

    heur_dissector_add("cotp", dissect_ses_heur, "SES over COTP", "ses_cotp", proto_ses, HEURISTIC_ENABLE);
heur_dissector_add("cotp_is", dissect_ses_heur, "SES over COTP (inactive subset)", "ses_cotp_is", proto_ses, HEURISTIC_ENABLE);

You could open up a bug report requesting an enhancement to dissect SES over UDP but you'll ned to attach a trace to the bug in order for someone to test a solution.

edit flag offensive delete link

Comments

Enhancement requests are raised at the Wireshark Bugzilla. The SES dissector could also be enhanced to support "Decode As..." as long as it doesn't need anything from the protocol it's being carried over.

grahamb ( 2020-07-16 08:41:19 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

How can I get Wireshark to decode ISO SES/PRES/ACSE on top of UDP?

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

How can I get Wireshark to decode ISO SES/PRES/ACSE on top of UDP? edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

How can I get Wireshark to decode ISO SES/PRES/ACSE on top of UDP?