# How to Parse MAC-LTE to PDCP-LTE or HTTP package?

I got a pcap about mac-lte data, and set DLT_USER, DLT=147, Payload Protocol=mac-lte-framed. And it can parse some rrc package. But the user-plane packages parse fail, it also showed mac-lte and the SDU not parse to rlc/pdcp/(ip)http. How to set my wireshark to parse these infomations? Any help?

For example:

Frame 44: 1999 bytes on wire (15992 bits), 1999 bytes captured (15992 bits)
MAC-LTE DL-SCH: (SFN=0   , SF=3) UEId=1   (3:remainder)
[Context (RNTI=2272)]
SDU (3, length=1979 bytes): 8cdc53e0817e4564053cc7994000350664e8174339e9c0a8…

0000   01 01 03 02 08 e0 03 00 01 04 00 03 07 01 0a 00   ................
0010   0f 00 01 03 8c dc 53 e0 81 7e 45 64 05 3c c7 99   ......S..~Ed.<..
0020   40 00 35 06 64 e8 17 43 39 e9 c0 a8 02 02 00 50   @.5.d..C9......P
0030   bf a2 5b 32 6d 81 09 d6 7b 58 80 10 00 eb 40 98   ..[2m...{X....@.
0040   00 00 01 01 08 0a 11 51 14 ee 65 da ae 28 48 54   .......Q..e..(HT
0050   54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43   TP/1.1 200 OK..C
0060   6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70   ontent-Type: app
0070   6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73   lication/octet-s
0080   74 72 65 61 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 4c   tream..Content-L
0090   65 6e 67 74 68 3a 20 31 32 30 33 37 0d 0a 53 65   ength: 12037..Se
........

edit retag close merge delete

Sort by » oldest newest most voted

You need to set the MAC-LTE dissector preferences appropriately.

If all of the relevant RRC signalling is in the capture and is decoded, then you should set 'Source of LCID -> drb channel settings' to 'From configuration protocol. Otherwise, you need to set it to 'From static table' then add appropriate entries in 'LCID -> DRB Mappings Table'. You would then also need to set appropriate preferences in RLC-LTE and PDCP-LTE to get the (unciphered) IPV6(?) payload to decode.

more