Ask Your Question
0

How can I get Wireshark to decode ISO SES/PRES/ACSE on top of UDP?

asked 2020-07-16 05:54:42 +0000

0x5453 gravatar image

I'm trying to debug an issue on Philips MX40 wireless patient monitors over a Cisco CAPWAP WLAN infrastructure. I have a capture from the AP wired port and Wireshark opens up CAPWAP ok to show the MX40 to PiC traffic. According to Philips doc, the protocol is ACSE ISO 8650 on top of UDP port 24008. I want to decode that UDP port as SES but Wireshark does not give me that protocol option in the "Decode As" window drop down box. Can anyone suggest how to do it?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-07-16 06:49:35 +0000

Anders gravatar image

Hi, It seams like it's only dissected over cotp

    heur_dissector_add("cotp", dissect_ses_heur, "SES over COTP", "ses_cotp", proto_ses, HEURISTIC_ENABLE);
heur_dissector_add("cotp_is", dissect_ses_heur, "SES over COTP (inactive subset)", "ses_cotp_is", proto_ses, HEURISTIC_ENABLE);

You could open up a bug report requesting an enhancement to dissect SES over UDP but you'll ned to attach a trace to the bug in order for someone to test a solution.

edit flag offensive delete link more

Comments

Enhancement requests are raised at the Wireshark Bugzilla. The SES dissector could also be enhanced to support "Decode As..." as long as it doesn't need anything from the protocol it's being carried over.

grahamb gravatar imagegrahamb ( 2020-07-16 08:41:19 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-07-16 05:54:42 +0000

Seen: 253 times

Last updated: Jul 16 '20