Ask Your Question
0

Decode an LCS Payload Container Contents in NAS MM Message

asked 2025-01-30 19:46:09 +0000

sarbatrik gravatar image

I am unable to observe the packet structure of an LCS message carried as NAS transport in a NAS MM Payload Container. While LPP and SM messages are clearly observed. I am still unable to observe LCS message structure on Wireshark.

Am I not enabling something or is there no LCS Payload decoding support in Wireshark.

I am using Ubuntu 20.04.6 LTS as my OS and Wireshark 4.4.3 (which i upgraded from 4,2 on Jan 31st, 2025)

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2025-02-04 18:34:55 +0000

Pascal Quantin gravatar image

Hi,

LCS dissection was not coded due to the lack of a sample capture to test it. Would you be able to provide one?

Best regards, Pascal.

edit flag offensive delete link more

Comments

Hi Pascal, Thank you very much. Atleast I can see some part of the container decoded based on your comment above.

Neverthless I was not able to test the v4.5.0rc0-1782-g400b0a367bdb developement build on my system. I got "Qt6Config.cmake not available error" and I wasnt able to install Qt6 as well.

Is there any guiding document in Wireshark Developer Community for this purpose ?

I am using OS : Ubuntu 20.04.6 LTS

Best regards, Sarbatrik.

sarbatrik gravatar imagesarbatrik ( 2025-02-14 06:01:45 +0000 )edit
add a comment
0

answered 2025-02-12 12:55:36 +0000

sarbatrik gravatar image

updated 2025-02-12 14:10:32 +0000

grahamb gravatar image

Hi Pascal,

Thanks for the response. I have a sample LCS capture which is based on my understanding TS 24080

NG Application Protocol (UplinkNASTransport)
    NGAP-PDU: initiatingMessage (0)
        initiatingMessage
            procedureCode: id-UplinkNASTransport (46)
            criticality: ignore (1)
            value
                UplinkNASTransport
                    protocolIEs: 4 items
                        Item 0: id-AMF-UE-NGAP-ID
                            ...
                        Item 1: id-RAN-UE-NGAP-ID
                            ...
                        Item 2: id-NAS-PDU
                            ProtocolIE-Field
                                id: id-NAS-PDU (38)
                                criticality: reject (0)
                                value
                                    NAS-PDU: 7e0223f1fa2c037e006707000d0b2a1c09a20700010202017465
                                        Non-Access-Stratum 5GS (NAS)PDU
                                            Security protected NAS 5GS message
                                                Extended protocol discriminator: 5G mobility management messages (126)
                                                0000 .... = Spare Half Octet: 0
                                                .... 0010 = Security header type: Integrity protected and ciphered (2)
                                                Message authentication code: 0x23f1fa2c
                                                Sequence number: 3
                                            Plain NAS 5GS Message
                                                Extended protocol discriminator: 5G mobility management messages (126)
                                                0000 .... = Spare Half Octet: 0
                                                .... 0000 = Security header type: Plain NAS message, not security protected (0)
                                                Message type: UL NAS transport (0x67)
                                                0000 .... = Spare Half Octet: 0
                                                **Payload container type**
                                                    .... 0111 = Payload container type: Location services message container (7)
                                                **Payload container**
                                                    Length: 13
                                                    Payload container: 0b2a1c09a20700010202017465
                        Item 3: id-UserLocationInformation
                            ProtocolIE-Field
                                id: id-UserLocationInformation (121)
                                criticality: reject (0)
                                value
                                    ....

Best regards, Sarbatrik.

edit flag offensive delete link more

Comments

Hi Sarbatrik,

do you have the decoding of the payload container? Because my first attempt to decode it give the following BER errors:

Non-Access-Stratum 5GS (NAS)PDU
    Security protected NAS 5GS message
        Extended protocol discriminator: 5G mobility management messages (126)
        0000 .... = Spare Half Octet: 0
        .... 0010 = Security header type: Integrity protected and ciphered (2)
        Message authentication code: 0x23f1fa2c
        Sequence number: 3
    Plain NAS 5GS Message
        Extended protocol discriminator: 5G mobility management messages (126)
        0000 .... = Spare Half Octet: 0
        .... 0000 = Security header type: Plain NAS message, not security protected (0)
        Message type: UL NAS transport (0x67)
        0000 .... = Spare Half Octet: 0
        Payload container type
            .... 0111 = Payload container type: Location services message container (7)
        Payload container
            Length: 13
            GSM A-I/F DTAP - Release Complete
                Protocol Discriminator: Non call related SS messages (11)
                    .... 1011 = Protocol discriminator: Non call related SS messages (0xb)
                    0... .... = TI flag: allocated by sender
                    .000 .... = TIO: 0
                00.. .... = Sequence ...
(more)
Pascal Quantin gravatar imagePascal Quantin ( 2025-02-12 15:58:55 +0000 )edit

Hi Pascal,

Thanks for your response . I do not have a full decoding of the payload container. I have only a decoding of the LocationNotificationRes inside the Return Result Component which looks as below. 

LocationNotificationRes ::= {
    verificationResponse: 1
    locationPrivacyIndication: 1
}

But I think there was a mistake at the starting of the value part of Facility where you encountered a BER error. I think I had encoded the first byte of the value part as 00 , which should have been 02.

I think the NAS Message should look as follows:

Non-Access-Stratum 5GS (NAS)PDU
    Security protected NAS 5GS message
        Extended protocol discriminator: 5G mobility management messages (126)
        0000 .... = Spare Half Octet: 0
        .... 0010 = Security header type: Integrity protected and ciphered (2)
        Message authentication code: 0x73a1bed6
        Sequence number: 3
    Plain NAS 5GS Message
        Extended protocol discriminator: 5G mobility management messages (126)
        0000 .... = Spare Half Octet: 0
        .... 0000 = Security header type: Plain NAS ...
(more)
sarbatrik gravatar imagesarbatrik ( 2025-02-13 06:49:03 +0000 )edit

I still get a decoding error:

Non-Access-Stratum 5GS (NAS)PDU
Security protected NAS 5GS message
    Extended protocol discriminator: 5G mobility management messages (126)
    0000 .... = Spare Half Octet: 0
    .... 0010 = Security header type: Integrity protected and ciphered (2)
    Message authentication code: 0x23f1fa2c
    Sequence number: 3
Plain NAS 5GS Message
    Extended protocol discriminator: 5G mobility management messages (126)
    0000 .... = Spare Half Octet: 0
    .... 0000 = Security header type: Plain NAS message, not security protected (0)
    Message type: UL NAS transport (0x67)
    0000 .... = Spare Half Octet: 0
    Payload container type
        .... 0111 = Payload container type: Location services message container (7)
    Payload container
        Length: 20
        GSM A-I/F DTAP - Release Complete
            Protocol Discriminator: Non call related SS messages (11)
                .... 1011 = Protocol discriminator: Non call related SS messages (0xb)
                0... .... = TI flag: allocated by sender
                .000 .... = TIO: 0
            00.. .... = Sequence number: 0
            ..10 1010 = DTAP Non call Supplementary Service Message Type: Release Complete (0x2a)
            Facility
                Element ID ...
(more)
Pascal Quantin gravatar imagePascal Quantin ( 2025-02-13 10:27:24 +0000 )edit

Hi Pascal, Thank you very much. Atleast I can see some part of the container decoded based on your comment above.

Neverthless I was not able to test the v4.5.0rc0-1782-g400b0a367bdb developement build on my system. I got "Qt6Config.cmake not available error" and I wasnt able to install Qt6 as well.

Best regards, Sarbatrik.

sarbatrik gravatar imagesarbatrik ( 2025-02-13 13:40:34 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2025-01-30 19:46:09 +0000

Seen: 475 times

Last updated: Feb 13

Related questions

Decoding NAS-5GS with 5G-EA0

What filter(s) to apply to decode a LCS message sent by UE in 5G?

Issue with decoding NGAP messages

tshark how to enable nas-5gs EEA0 decrypt

Will there be an NAS-5GS over UDP dissector?

NAS-PDU confusion

NAS over NGAP ciphered - can it be deciphered?