Pascal Quantin's profile - activity

2019-10-30 09:06:54 +0000 answered a question how to generate c code from asn1?

The template and conformation files are written by hand. You can find some basic documentation here and by looking at t

2019-10-30 09:06:54 +0000 received badge  Rapid Responder (source)
2019-10-16 15:39:51 +0000 edited answer How to increase the USB snap/buffer length to capture bigger packages?

This sounds like the issue fixed in USBPcap 1.5.3.0 (see https://github.com/desowin/usbpcap/releases). To use this vers

2019-10-16 15:39:39 +0000 received badge  Rapid Responder (source)
2019-10-16 15:39:39 +0000 answered a question How to increase the USB snap/buffer length to capture bigger packages?

This sounds like the issue fixed in USBPcap 1.5.3.0 (see https://github.com/desowin/usbpcap/releases). To use this vers

2019-10-15 18:48:17 +0000 answered a question TLS\SSL pcap with key - save decrypted output to pcap file without the attach key

You can also save the decrypted packets starting from Wireshark 2.0 (if I remember correctly) by clicking on File ->

2019-10-15 18:48:17 +0000 received badge  Rapid Responder (source)
2019-09-06 07:23:32 +0000 commented answer LoRaWan PCAP, wireshark not able to interpret

At the beginning of your file you should have a pcap_hdr_t structure. Then for each packet you should have a pcaprec_hdr

2019-09-05 14:04:58 +0000 received badge  Rapid Responder (source)
2019-09-05 14:04:58 +0000 answered a question LoRaWan PCAP, wireshark not able to interpret

Hi, your libpcap header format seems wrong (for example fields like major and minor versions are 2 bytes long, not 1, t

2019-08-30 10:41:44 +0000 commented answer 5G SM OTA message decodes fail

The fix is now merged; you can pick a new development build.

2019-08-30 06:49:56 +0000 commented answer 5G SM OTA message decodes fail

Hi Jouman, Thanks for the report, the fix for the IE decoding is under review here: https://code.wireshark.org/review/#

2019-08-29 17:24:34 +0000 answered a question Pcap files are opening very slow

This behavior is often seen when you have a big (Pre)-Master-Secret log file (in TLS/SSL preferences) and you have TLS/S

2019-08-29 17:24:34 +0000 received badge  Rapid Responder (source)
2019-08-21 15:38:36 +0000 commented answer Can Wireshark parse and decode LPPe?

You are welcome. Please consider accepting my answer by clicking on the green check mark.

2019-08-21 15:37:23 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

You are welcome. Please consider accepting my answer.

2019-08-19 18:02:59 +0000 edited answer Can Wireshark parse and decode LPPe?

Indeed LPP decoding from a NAS 5GS PDU was not implemented yet. I added it in https://code.wireshark.org/review/#/c/3432

2019-08-19 18:02:46 +0000 edited answer Can Wireshark parse and decode LPPe?

Indeed LPP decoding from a NAS 5GS PDU was not implemented yet. I added it in https://code.wireshark.org/review/#/c/3432

2019-08-19 17:22:51 +0000 received badge  Rapid Responder (source)
2019-08-19 17:22:51 +0000 answered a question Can Wireshark parse and decode LPPe?

Indeed LPP decoding from a NAS 5GS PDU was not implemented yet. I added it in https://code.wireshark.org/review/#/c/3432

2019-08-17 17:17:19 +0000 edited answer wireshark not dissecting the entire context of mac-nr sent over udp

Starting from Wireshark v3.1.1rc0-156-gb709c7ccc7d3 nightly build, the time information is now present in the MAC NR con

2019-08-17 17:16:54 +0000 answered a question wireshark not dissecting the entire context of mac-nr sent over udp

Starting from Wireshark v3.1.1rc0-156-gb709c7ccc7d3 nightly build, the time information is now present in the MAC NR con

2019-07-29 07:13:47 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

It seems like we forgot to add the field when decoding any PDU other than RAR. I will double check this when I'm back fr

2019-07-27 17:00:19 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

In most cases they are not part of the UDP payload, but come from the DCT2000 dissector. The framing is a convenience fo

2019-07-27 16:54:12 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

In most cases they are not part of the UDP payload, but come from the DCT2000 dissector. The framing is a convenience fo

2019-07-27 16:51:59 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

In most cases they are not part of the UDP payload, but come from the DCT2000 dissector. The framing is a convenience fo

2019-07-27 16:49:34 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

In most cases they are not part of the UDP payload, but come from the DCT2000 dissector. The framing is a convenience fo

2019-07-26 20:30:41 +0000 commented answer wireshark not dissecting the entire context of mac-nr sent over udp

Those fields do not belong to the PDU, but from a context coming from lower layers (or the framing protocol over UDP). I

2019-07-26 16:02:10 +0000 commented answer Wireshark don't see traffic on UE's control plane in LTE (using srsLTE-emane)

Sorry I missed it ;)

2019-07-26 15:45:16 +0000 commented answer Wireshark don't see traffic on UE's control plane in LTE (using srsLTE-emane)

Glad to know that it helped. Then please consider accepting my answer. Best regards, Pascal.

2019-06-21 16:27:54 +0000 commented answer Can Wireshark dissect DCI messages in LTE?

Not that I'm aware of. Anyway you would need to define a transport format to send it to Wireshark. If you have the raw p

2019-06-21 11:00:47 +0000 received badge  Rapid Responder (source)
2019-06-21 11:00:47 +0000 answered a question Can Wireshark dissect DCI messages in LTE?

Hi, No, Wireshark does not embed by default a DCI decoder. Best regards, Pascal.

2019-06-18 19:13:53 +0000 received badge  Rapid Responder (source)
2019-06-18 19:13:53 +0000 answered a question GPRS: PACKET SI STATUS Decoding Problem

Hi Nalin, thanks for the report. I pushed a fix here: https://code.wireshark.org/review/#/c/33648/

2019-06-13 14:54:01 +0000 answered a question How ProtoField name are displayed ?

As documented here, ProtoField.int16 and ProtoField.new have their 2 first parameters swapped. So what you see is normal,

2019-06-13 14:54:01 +0000 received badge  Rapid Responder (source)
2019-05-21 13:49:46 +0000 answered a question Non-IP payload over CoAP protocol

Hi Maddy, presumably you are using Control Plane EPS Optimization and the non-IP payload is encapsulated in ESM data tr

2019-05-21 13:49:46 +0000 received badge  Rapid Responder (source)
2019-05-15 21:19:29 +0000 commented answer Can I protect a lua text script not to read?

We are using GPL, not LGPL. So the source code must be provided if requested, as indicated by Jeff.

2019-05-11 15:10:38 +0000 commented answer How can I delete first n number of frames from memory in tshark

See this blog entry.

2019-05-11 11:35:19 +0000 received badge  Rapid Responder (source)
2019-05-11 11:35:19 +0000 answered a question Wireshark don't see traffic on UE's control plane in LTE (using srsLTE-emane)

Hi Andrea, the communication between the eNB and the Core Network (MME for the control plane, SGW for the data plane) is

2019-02-04 21:22:12 +0000 commented question Is 5G NGAP/NAS Registration decode broken in 2.9.1.x versions

Which version of NAS-5GS is your product using? Wireshark 2.9.1 is currently being upgraded to December 18 releases, tha

2019-02-03 18:31:21 +0000 commented answer Correlation-id in S1AP

Based on 3GPP requirement, yes it should be as explained above. Wireshark will decode it as correlation id if the generi

2019-01-29 21:24:07 +0000 edited answer Correlation-id in S1AP

Hi, I based this on 3GPP 24.301 CR 0640 and 3GPP 24.171 (that suggests to use the correlation ID as the Routing Identif

2019-01-29 20:42:53 +0000 edited answer Correlation-id in S1AP

Hi, I based this on 3GPP 24.301 CR 0640 and 3GPP 24.171 (that suggests to use the correlation ID as the Routing Identifi

2019-01-29 20:42:42 +0000 edited answer Correlation-id in S1AP

Hi, I based this on 3GPP 24.301 CR 0640 and 3GPP 24.171 (that suggests to use the correlation ID as the Routing Identifi

2019-01-29 20:41:39 +0000 received badge  Rapid Responder (source)
2019-01-29 20:41:39 +0000 answered a question Correlation-id in S1AP

Hi, I based this on 3GPP 24.301 CR 0640 and 3GPP 24.171 (that suggests to use the correlation ID as the Routing Identifi