
LTE RRC dissector: are packets being misinterpreted?

asked 2018-12-28 17:14:30 +0000

Sergio Z Arnosti

updated 2018-12-28 17:15:36 +0000

Hi friends,

I found a divergence in LTE packet interpretation. In Wireshark 2.2.7 it seems to be correct, but in the newer 2.6.5 it seems wrong.

As you can see in the images, in version 2.2.7 packet number 63246 is being interpreted with protocol LTE RRC UL_DCCH/NAS-EPS (Uplink) and the info shows RRCConnectionSetupComplete.

But in 2.6.5, the same packet is being interpreted with protocol LTE RRC BCCH_BCH and the info shows MasterInformationBlock (SFN=78).

The packets from the Uplink direction are apparently being interpreted as Broadcast.

Does anyone know if this is really a bug in the Wireshark 2.6.5 implementation?

WIRESHARK 2.2.7: https://ibb.co/WPhcLnc

WIRESHARK 2.6.5: https://ibb.co/YXVv93C


1 Answer


answered 2018-12-28 17:46:38 +0000

Pascal Quantin

Hi Sergio,

Based on the pictures, you have one or several custom dissectors between the UDP payload and the call to the LTE RRC dissector (by custom I mean not part of the official Wireshark distribution). The bug must be there, as I can assure you that the LTE RRC dissector is not buggy in version 2.6.5. Presumably your custom dissector is not calling the right LTE RRC dissector. Without knowing more about it, I cannot help further, but you should review that part of the code.


Comments

Hi Pascal,

Thank you for the reply.

We are using a third-party dissector for the FAPI messages.

With Wireshark 2.2.7 it works fine, but the same dissector with 2.6.5 does not. I made the proper modifications in the FAPI dissector to work with the new Wireshark, but it is only giving problems with the RRC messages in the Uplink direction. I saw that there were a lot of modifications in the RRC dissector from 2.2.7 to 2.6.5; for this reason I decided to ask here.

I will try to find where the FAPI dissector calls the RRC. If you have more advice, I would appreciate it.

Thanks

Sergio Z Arnosti ( 2018-12-28 17:58:35 +0000 )

Hi Sergio, could you please share the FAPI dissector with me? I have been looking for it for a long time. You can reach me at [email protected]. Thanks a lot!

babycrazy80 ( 2019-12-06 01:20:02 +0000 )
