Ask Your Question

Pascal Quantin's profile - activity

2020-01-06 14:12:16 +0000 commented question lte_rrc ue capability not getting decoded though this is decoded in s1ap

Hi Akhila, There is no known issue with S1AP decoding in Wireshark. So what is supposed to be this payload? This is no

2019-12-11 18:09:17 +0000 commented answer Wireshark crashes in the “Enabled Protocols” dialog box

Thanks for the report, we are currently working on a fix.

2019-12-11 18:09:07 +0000 commented answer Wireshark crashes in the “Enabled Protocols” dialog box

THanks for the report, we are currently working on a fix.

2019-11-18 12:19:07 +0000 commented answer How to find mapping for dissector?

And to complete @grahamb answer, there is no registered dissector for the RadioBearerConfig IE: instead where needed in

2019-10-30 09:06:54 +0000 received badge  Rapid Responder (source)
2019-10-30 09:06:54 +0000 answered a question how to generate c code from asn1?

The template and conformation files are written by hand. You can find some basic documentation here and by looking at t

2019-10-16 15:39:51 +0000 edited answer How to increase the USB snap/buffer length to capture bigger packages?

This sounds like the issue fixed in USBPcap 1.5.3.0 (see https://github.com/desowin/usbpcap/releases). To use this vers

2019-10-16 15:39:39 +0000 answered a question How to increase the USB snap/buffer length to capture bigger packages?

This sounds like the issue fixed in USBPcap 1.5.3.0 (see https://github.com/desowin/usbpcap/releases). To use this vers

2019-10-16 15:39:39 +0000 received badge  Rapid Responder (source)
2019-10-15 18:48:17 +0000 answered a question TLS\SSL pcap with key - save decrypted output to pcap file without the attach key

You can also save the decrypted packets starting from Wireshark 2.0 (if I remember correctly) by clicking on File ->

2019-10-15 18:48:17 +0000 received badge  Rapid Responder (source)
2019-09-06 07:23:32 +0000 commented answer LoRaWan PCAP, wireshark not able to interpret

At the beginning of your file you should have a pcap_hdr_t structure. Then for each packet you should have a pcaprec_hdr

2019-09-05 14:04:58 +0000 answered a question LoRaWan PCAP, wireshark not able to interpret

Hi, your libpcap header format seems wrong (for example fields like major and minor versions are 2 bytes long, not 1, t

2019-09-05 14:04:58 +0000 received badge  Rapid Responder (source)
2019-08-30 10:41:44 +0000 commented answer 5G SM OTA message decodes fail

The fix is now merged you can pick a new development build.

2019-08-30 06:49:56 +0000 commented answer 5G SM OTA message decodes fail

Hi Jouman, Thanks for the report, the fix for the IE decoding is under review here: https://code.wireshark.org/review/#

2019-08-29 17:24:34 +0000 received badge  Rapid Responder (source)
2019-08-29 17:24:34 +0000 answered a question Pcap files are opening very slow

This behavior is often seen when you have a big (Pre)-Master-Secret log file (in TLS/SSL preferences) and you have TLS/S

2019-08-21 15:38:36 +0000 commented answer Can Wireshark parse and decode LPPe?

You are welcome. Please consider accepting my answer by clicking on the green check mark.

2019-08-21 15:37:23 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

You are welcome. Please consider accepting my answer.

2019-08-19 18:02:59 +0000 edited answer Can Wireshark parse and decode LPPe?

Indeed LPP decoding from a NAS 5GS PDU was not implemented yet. I added it in https://code.wireshark.org/review/#/c/3432

2019-08-19 18:02:46 +0000 edited answer Can Wireshark parse and decode LPPe?

Indeed LPP decoding from a NAS 5GS PDU was not implemented yet. I added it in https://code.wireshark.org/review/#/c/3432

2019-08-19 17:22:51 +0000 received badge  Rapid Responder (source)
2019-08-19 17:22:51 +0000 answered a question Can Wireshark parse and decode LPPe?

Indeed LPP decoding from a NAS 5GS PDU was not implemented yet. I added it in https://code.wireshark.org/review/#/c/3432

2019-08-17 17:17:19 +0000 edited answer wireshark not dissecting the entire context of mac-nr sent over udp

Starting from Wireshark v3.1.1rc0-156-gb709c7ccc7d3 nightly build, the time information is now present in the MAC NR con

2019-08-17 17:16:54 +0000 answered a question wireshark not dissecting the entire context of mac-nr sent over udp

Starting from Wireshark v3.1.1rc0-156-gb709c7ccc7d3 nightly build, the time information is now present in the MAC NR con

2019-07-29 07:13:47 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

It seems like we forgot to add the field when decoding any PDU other than RAR. I will double check this when I'm back fr

2019-07-27 17:00:19 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

In most cases they are not part of the UDP payload, but come from the DCT2000 dissector. The framing is a convenience fo

2019-07-27 16:54:12 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

In most cases they are not part of the UDP payload, but come from the DCT2000 dissector. The framing is a convenience fo

2019-07-27 16:51:59 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

In most cases they are not part of the UDP payload, but come from the DCT2000 dissector. The framing is a convenience fo

2019-07-27 16:49:34 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

In most cases they are not part of the UDP payload, but come from the DCT2000 dissector. The framing is a convenience fo

2019-07-26 20:30:41 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

Those fields do not belong to the PDU, but from a context coming from loyer layers (or the framing protocol over UDP). I

2019-07-26 16:02:10 +0000 commented answer Wireshark don't see traffic on UE's control plane in LTE (using srsLTE-emane)

Sorry I missed it ;)

2019-07-26 15:45:16 +0000 commented answer Wireshark don't see traffic on UE's control plane in LTE (using srsLTE-emane)

Glad to know that it helped. Then please consider accepting my answer. Best regards, Pascal.

2019-06-21 16:27:54 +0000 commented answer Can Wireshark dissect DCI messages in LTE?

Not that I'm aware of. Anyway you would need to define a transport format to send it to Wireshark. If you have the raw p

2019-06-21 11:00:47 +0000 received badge  Rapid Responder (source)
2019-06-21 11:00:47 +0000 answered a question Can Wireshark dissect DCI messages in LTE?

Hi, No Wireshark does not embed by default a DCI decoder. Best regards, Pascal.

2019-06-18 19:13:53 +0000 received badge  Rapid Responder (source)
2019-06-18 19:13:53 +0000 answered a question GPRS: PACKET SI STATUS Decoding Problem

Hi Nalin, thanks for the report. I pushed a fix here: https://code.wireshark.org/review/#/c/33648/

2019-06-13 14:54:01 +0000 answered a question How ProtoField name are displayed ?

As documented here, ProtoField.int16 and ProtoField.newhave their 2 first parameters swapped. So what you see is normal,

2019-06-13 14:54:01 +0000 received badge  Rapid Responder (source)
2019-05-21 13:49:46 +0000 answered a question Non-IP payload over CoAP protocol

Hi Maddy, presumably you are using Control Plane EPS Optimization and the non-IP payload is encapsulated in ESM data tr

2019-05-21 13:49:46 +0000 received badge  Rapid Responder (source)
2019-05-15 21:19:29 +0000 commented answer Can I protect a lua text script not to read?

We are using GPL, not LGPL. So the source code must be provided if requested, as indicated by Jeff.

2019-05-11 15:10:38 +0000 commented answer How can I delete first n number of frames from memory in tshark

See this blog entry.

2019-05-11 11:35:19 +0000 received badge  Rapid Responder (source)
2019-05-11 11:35:19 +0000 answered a question Wireshark don't see traffic on UE's control plane in LTE (using srsLTE-emane)

Hi Andrea, the communication between the eNB and the Core Network (MME for the control pane, SGW for the data plane) is

2019-02-04 21:22:12 +0000 commented question Is 5G NGAP/NAS Registration decode broken in 2.9.1.x versions

Which version of NAS-5GS is using your product? Wireshark 2.9.1 is currently being upgraded to December 18 releases, tha

2019-02-03 18:31:21 +0000 commented answer Correlation-id in S1AP

Based on 3GPP requirement, yes it should be as explained above. Wireshark will decode it as correlation id if the generi

2019-01-29 21:24:07 +0000 edited answer Correlation-id in S1AP

Hi, I based this on 3GPP 24.301 CR 0640 and 3GPP 24.171 (that suggests to use the correlation ID as the Routing Identif