Ask Your Question
0

Radius 3GPP-User-Location-Info, bug or my mistake?

asked 2022-07-26 12:27:30 +0000

JediMaster93 gravatar image

Hi, I am testing the extended eNodeB ID type in the 3GPP-User-Location-Info avp, and came across something strange, and I am not sure if I am missing something or if this is a wireshark bug.

Take a look at the attached screenshot and the last 3 bytes (81 22 33), then take a look at how wireshark decoded SMeNB, it decoded it as if the first bit is 0, but if you convert 81 to binary you get 10000001.

So shouldn't wireshark decode the SmeNB bit as a 1? I am testing with wireshark and just kinda confused if I made a mistake or looking at a bug. I used wireshark on windows 7 version 3.6.6

Screenshot:alt text

edit retag flag offensive close merge delete

Comments

There was a similar (now closed) issue - 16822: Ng-enb not decoded correctly for Target Identification IE for GTPV2 - but no sample capture file was provided for it.
Can you share a capture file on a public file share and add a link to it in your question.

Chuckc gravatar imageChuckc ( 2022-07-26 15:20:05 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-07-26 20:32:15 +0000

Chuckc gravatar image

Fix pending in Issue 18225: gtpv2: SMeNB display in tree, Merge Request 7526: gtpv2: adjust field size and bitmask for gtpv2.smenb

edit flag offensive delete link more

Comments

Hey Chuckc, huge thanks for fixing the issue, and sorry for not uploading the pcap as I didn't see the comment, I just saw the email now that you replied.

Im also in the process of testing other newer types like type 139, and it doesnt seem to be decoding properly. but I still need to double-check if its a bug on my end or in wireshark. If I cant see an issue on my end should I upload the pcap here? Thanks again for all the help!

JediMaster93 gravatar imageJediMaster93 ( 2022-07-26 22:11:01 +0000 )edit

Because of past problems with scammers, there are no file uploads on this site. The policy is to stick the pcap on a public file share (Google, Dropbox, Onedrive, ...) and post a link to it here.

Chuckc gravatar imageChuckc ( 2022-07-26 22:27:15 +0000 )edit

The change has been merged into the -dev branch and was also cherry picked back to 3.4 and 3.6.

The Wireshark Roadmap shows new releases coming out soon (maybe tomorrow).

If you're on a 64-bit machine and want to try the -dev branch, the automated builds are available. Pick a version >= Wireshark-win64-3.7.2rc0-235-gc4f983141278.exe

Chuckc gravatar imageChuckc ( 2022-07-27 02:45:14 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-07-26 12:27:30 +0000

Seen: 398 times

Last updated: Jul 26 '22

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2