MartinM's profile - activity

2024-07-19 07:23:07 +0000 commented question How can i decode rrc packet in wireshark for zmq?

Are the RRC packets sent across ZeroMQ sockets? If so, there is now a zmtp dissector in the developer branch. It's pr

2024-07-18 20:42:28 +0000 received badge  Rapid Responder (source)
2024-07-18 20:42:28 +0000 answered a question How can i decode rrc packet in wireshark for zmq?

Are the RRC packets sent across ZeroMQ sockets? If so, there is now a zmtp dissector in the developer branch. It's pr

2024-07-18 20:42:21 +0000 received badge  Rapid Responder
2024-07-18 20:42:21 +0000 answered a question How can i decode rrc packet in wireshark for zmq?

Are the RRC packets sent across ZeroMQ sockets? If so, there is now a zmtp dissector in the developer branch. It's pr

2024-05-31 09:41:14 +0000 commented answer NR-RRC : how to decrypt encrypt NR-RRC message in pcap

Sorry, I didn't see your replies. Hope you got this resolved. RRC messages can be found in several different places, P

2024-05-28 13:49:15 +0000 commented answer [RLC-LTE] Sequence analysis problem?

If/when fixed, it would be available in wireshark/tshark for all platforms. For sending the pcap, I don't really want t

2024-05-24 09:14:35 +0000 received badge  Rapid Responder (source)
2024-05-24 09:14:35 +0000 answered a question [RLC-LTE] Sequence analysis problem?

The problem is that the entries for that UE in sequence_analysis_channel_hash are not reset. This could be done in resp

2024-04-29 17:44:31 +0000 received badge  Rapid Responder
2024-04-29 17:44:31 +0000 answered a question How can one play AMR Payload RTP

Looking back at this comment - https://gitlab.com/wireshark/wireshark/-/merge_requests/10025#note_1322167990 - we have n

2024-04-16 22:08:16 +0000 commented question Custom ecpri dissector based on original implementation

I am curious about the changes you need to make. I made it call the ORAN FH CUS dissector for the message types it hand

2024-04-16 22:05:01 +0000 commented question Custom ecpri dissector based on original implementation

I am curious about whatever changes you need to make. I made it call the ORAN FH CUS dissector for the message type

2024-03-25 09:32:14 +0000 answered a question Dissector table doesn't exist while registering subdissector for ZMTP

I have a draft change (https://gitlab.com/wireshark/wireshark/-/merge_requests/14947) to create a built-in/C dissector

2023-09-20 20:40:31 +0000 commented question When using eCPRI fragmentation, is there a way to concatenate the fragments when they are in individual Ethernet packages?

If you can let me have a capture file, I will add support (I am the main author of packet-oran.c). Maybe add an issue a

2023-09-20 20:26:40 +0000 commented question When using eCPRI fragmentation, is there a way to concatenate the fragments when they are in individual Ethernet packages?

If you can let me have a capture file, I will add support. Maybe add an issue at https://gitlab.com/wireshark/wireshark

2023-09-20 20:21:54 +0000 commented question When using eCPRI fragmentation, is there a way to concatenate the fragments when they are in individual Ethernet packages?

If you can let me have a capture file, I will add support.

2023-09-12 06:53:10 +0000 answered a question The Resource Blocks in a Section with RB = 1 (interleaving) may be wrong

As per my comment above, this was supported/fixed in master and will be available in 4.1 development builds, and in rele

2023-09-07 07:23:40 +0000 commented question The Resource Blocks in a Section with RB = 1 (interleaving) may be wrong

I attempted to fix this with https://gitlab.com/wireshark/wireshark/-/merge_requests/11871 around a week ago. Could you

2023-05-27 21:28:05 +0000 edited answer What is the formula to calculate the values of my I and Q in IQ packets?

Assuming that it is, here is the relevant function from epan/dissectors/packet-oran.c /* Special case for uncompressed/

2023-05-27 21:27:15 +0000 answered a question What is the formula to calculate the values of my I and Q in IQ packets?

Assuming that it is, here is the relevant function from epan/dissectors/packet-oran.c /* Special case for uncompressed/

2023-05-27 21:27:08 +0000 answered a question What is the formula to calculate the values of my I and Q in IQ packets?

Assuming that it is, here is the relevant function from epan/dissectors/packet-oran.c /* Special case for uncompressed/

2023-05-27 09:42:32 +0000 answered a question What is the formula to calculate the values of my I and Q in IQ packets?

You are talking about ORAN FH-CUS?

2023-05-27 09:42:23 +0000 answered a question What is the formula to calculate the values of my I and Q in IQ packets?

You are talking about ORAN FH-CUS?

2023-03-16 22:06:15 +0000 received badge  Commentator
2023-03-16 22:06:15 +0000 commented answer Finding MAC error in decoding wireshark capture

As Chuck says, we should do better to explain why integrity isn't checked in this case. Also note that even with Zuc o

2022-11-22 21:14:29 +0000 answered a question Measuring RTT of RTCP using RR packet

Could you make available a PCAP with the relevant RTCP frames?

2022-11-17 18:53:28 +0000 received badge  Rapid Responder (source)
2022-11-17 18:53:28 +0000 answered a question RLC-NR decoding under MAC for DRB

In order for the mac-nr dissector to know how to dissect a DRB lcid, it needs to know how the mode, SN length and drb n

2022-11-17 18:53:19 +0000 answered a question RLC-NR decoding under MAC for DRB

In order for the mac-nr dissector to know how to dissect a DRB lcid, it needs to know how the mode, SN length and drb n

2022-11-17 18:53:19 +0000 received badge  Rapid Responder (source)
2022-05-28 20:49:10 +0000 answered a question Does current version of Wireshark supports E2SM-RC

I am working on adding v2.0 now.

2022-05-28 20:49:02 +0000 answered a question Does current version of Wireshark supports E2SM-RC

I am working on adding v2.0 now.

2021-12-18 10:23:06 +0000 edited answer the detail of 5g ngap & rrc info

This is just the way they are defined in the ASN1. I didn't look up the first one, but for the 2nd one (defined in 38.3

2021-12-18 10:22:25 +0000 received badge  Rapid Responder (source)
2021-12-18 10:22:25 +0000 answered a question the detail of 5g ngap & rrc info

This is just the way they are defined in the RRC. I didn't look up the first one, but for the 2nd one (defined in 38.33

2021-12-16 16:12:46 +0000 received badge  Rapid Responder (source)
2021-12-16 16:12:46 +0000 answered a question NR-RRC : how to decrypt encrypt NR-RRC message in pcap

You can decrypt them if they are framed inside pdcp-nr. You need this in order to have a UE Identifier (in order to loo

2021-05-05 11:42:23 +0000 commented answer Should we adopt a code of conduct? If so, which one?

I like this one's brevity, lack of repetition, and that it doesn't refer to what sounds like a formal management group (

2021-05-05 11:36:49 +0000 received badge  Supporter (source)
2021-04-09 08:12:23 +0000 commented question How do I use a Snort rule to search or filter PCAP in Wireshark?

There is no way to automatically/reliably convert a Snort rule directly into a Wireshark display filter. But with the S

2020-12-03 22:33:28 +0000 received badge  Rapid Responder (source)
2020-12-03 22:33:28 +0000 answered a question how can I open snort alert.ids

Wireshark can't open any Snort alert output format. Is there a format that contains full frames? https://gitlab.com/wi

2020-09-06 12:23:57 +0000 answered a question How to Parse MAC-LTE to PDCP-LTE or HTTP package?

You need to set the MAC-LTE dissector preferences appropriately. If all of the relevant RRC signalling is in the captur

2019-10-20 09:04:39 +0000 commented answer Negative Window scaling factor

It also needs to be clear (if it isn't already) if the scaling factor was forced by the preference setting 'Scaling fact

2019-09-02 22:13:14 +0000 commented answer I need help to analyze slammer.pcap

One way to look at this (under Linux at least) would be to use the Snort post-dissector (https://wiki.wireshark.org/Snor

2019-02-08 16:53:15 +0000 received badge  Rapid Responder (source)
2019-02-08 16:53:15 +0000 answered a question How to decode PDCP-LTE?

It looks like you need to go to Analyze | Enabled Protocols, find PDCP-LTE, expand it and check pdcp_lte_udp. It is heu

2018-11-15 22:04:38 +0000 received badge  Rapid Responder (source)
2018-11-15 22:04:38 +0000 answered a question How to decrypt Ipsec protocol that have esp with command line

If you have messages in your traces that describe the SPI/keys, you could write a dissector for those messages and call