Wireshark detects DPNSS / DASS2 protocol in SCTP packets.
But it cannot recognize the content of DPNSS / DASS2 protocol.
Please tell me where could the error be?
And how can I figure out what's in DPNSS / DASS2?
Here is the screen of Wireshark where DPNSS / DASS2 protocol shown
If you follow the RFC chain, it seems the DUA data is scrambled.
It seems to be the correct length (56 = 0x38) but the fields, starting with version, don't make sense.
The RFC says only version 1 is supported and the screen shot shows - Version: Unknown (0)
As @Anders asked above, is it possible that this is a different message type using the DUA PPID of 10?
SCTP Payload Protocol Identifiers = 10 (DUA) RFC4129
RFC4129 - Digital Private Network Signaling System (DPNSS)/Digital Access Signaling System 2 (DASS 2) Extensions to the IUA Protocol
This document defines a mechanism for backhauling Digital Private Network Signaling System 1 (DPNSS 1) and Digital Access Signaling System 2 (DASS 2) messages over IP by extending the ISDN User Adaptation (IUA) Layer Protocol defined in RFC 3057.
RFC4233 (obsoletes RFC3057) - Integrated Services Digital Network (ISDN) Q.921-User Adaptation Layer
3.1. Common Message Header
The protocol messages for Q.921-User Adaptation require a message
header that contains the adaptation layer version, the message type,
and message length.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version | Reserved | Message Class | Message Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2. Common Header Format
All fields in an IUA message MUST be transmitted in the network byte
order, unless otherwise stated.
3.1.1. Version
The version field contains the version of the IUA adaptation layer.
The supported versions are the following:
Value Version
----- -------
1 Release 1.0
Asked: 2021-02-17 15:59:44 +0000
Seen: 137 times
Last updated: Feb 20 '21
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
There is a pcap attached to "Per-packet memory corrupted" crashes if file contains DUA packets that has a few
DUAframes.Do they look like the decode information you're looking for?
Here is the screen of Wireshark where DPNSS / DASS2 protocol shown Wireshark screen - DPNSS / DASS2 protocol
Are you sure it's DUA over SCTP? Not something else using that ppid?
As stated in RFC4960, the SCTP protocol has no effect on what data it carries. I'm not sure if this is exactly DPNSS / DASS2.
https://www.iana.org/assignments/sctp... see value 10