Discussion:
How to import RRC hex dump into Wireshark for decoding
PF Law
2007-10-22 15:46:49 UTC
Permalink
Wireshark 0.99.6 supports RRC protocol.

If I want to just make use of this capability to decode some external RRC
hex dump for some purposes, does anyone know how I can achieve this in
details?

e.g. I want to get the below RRC hex dump decoded in Wireshark.

RRC hex dump: BF 02 26 13 9A 25 00 25 02 76 84 94 48 4E 50 04 7F FE 43 73 60
00 48 00

Thanks a lot.
Luis EG Ontanon
2007-10-22 16:14:21 UTC
Permalink
take a look to:
http://wiki.wireshark.org/HowToDissectAnything
Post by PF Law
Wireshark 0.99.6 supports RRC protocol.
If I want to just make use of this capability to decode some external RRC
hex dump for some purposes, does anyone know how I can achieve this in
details?
e.g. I want to get the below RRC hex dump decoded in Wireshark.
RRC hex dump: BF 02 26 13 9A 25 00 25 02 76 84 94 48 4E 50 04 7F FE 43 73 60
00 48 00
Thanks a lot.
_______________________________________________
Wireshark-users mailing list
http://www.wireshark.org/mailman/listinfo/wireshark-users
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
PF Law
2007-10-23 17:06:26 UTC
Permalink
I have constructed the cap file. However, I shall also need to specify the
message type for the RRC protocol, e.g. DL-DCCH-Message, UL-DCCH-Message,
DL-CCCH-Message, UL-CCCH-Message, PCCH-Message, .....

In my example, message type is UL-DCCH-Message and the hex dump is "BF 02 26
13 9A 25 00 25 02 76 84 94 48 4E 50 04 7F FE 43 73 60 00 48 00".

Where and how can I tell the RRC dissector that message to be decoded is a
UL-DCCH-Message? Thanks.

No. Time Source Destination Protocol
Info
1 0.000000 RRC

Frame 1 (24 bytes on wire, 24 bytes captured)
Arrival Time: Oct 24, 2007 00:42:28.000000000
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 24 bytes
Capture Length: 24 bytes
[Frame is marked: False]
[Protocols in frame: user_dlt:rrc]
DLT: 153
Radio Resource Control (RRC) protocol

0000 bf 02 26 13 9a 25 00 25 02 76 84 94 48 4e 50 04 ..&..%.%.v..HNP.
0010 7f fe 43 73 60 00 48 00 ..Cs`.H.
Post by Luis EG Ontanon
http://wiki.wireshark.org/HowToDissectAnything
Post by PF Law
Wireshark 0.99.6 supports RRC protocol.
If I want to just make use of this capability to decode some external
RRC
Post by PF Law
hex dump for some purposes, does anyone know how I can achieve this in
details?
e.g. I want to get the below RRC hex dump decoded in Wireshark.
RRC hex dump: BF 02 26 13 9A 25 00 25 02 76 84 94 48 4E 50 04 7F FE 43
73 60
Post by PF Law
00 48 00
Thanks a lot.
_______________________________________________
Wireshark-users mailing list
http://www.wireshark.org/mailman/listinfo/wireshark-users
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-users mailing list
http://www.wireshark.org/mailman/listinfo/wireshark-users
Kukosa, Tomas
2007-10-23 17:47:30 UTC
Permalink
It is necessary to assign to the user DLT specific RRC message type (instead of "rrc").
There are following message types registered:
rrc.dl.dcch
rrc.dl.dcch
rrc.ul.dcch
rrc.dl.ccch
rrc.ul.ccch
rrc.pcch
rrc.dl.shcch
rrc.ul.shcch
rrc.bcch.fach
rrc.bcch.bch
rrc.mcch
rrc.msch

Unfortunately with this solution it is not possible to have more message types in one cap file.


________________________________

Od: wireshark-users-bounces-IZ8446WsY0/***@public.gmane.org za uŸivatele PF Law
Odesláno: út 23.10.2007 19:06
Komu: Community support list for Wireshark
Pøedmìt: Re: [Wireshark-users] How to import RRC hex dump into Wireshark fordecoding


I have constructed the cap file. However, I shall also need to specify the message type for the RRC protocol, e.g. DL-DCCH-Message, UL-DCCH-Message, DL-CCCH-Message, UL-CCCH-Message, PCCH-Message, .....

In my example, message type is UL-DCCH-Message and the hex dump is "BF 02 26 13 9A 25 00 25 02 76 84 94 48 4E 50 04 7F FE 43 73 60 00 48 00".

Where and how can I tell the RRC dissector that message to be decoded is a UL-DCCH-Message? Thanks.

No. Time Source Destination Protocol Info
1 0.000000 RRC

Frame 1 (24 bytes on wire, 24 bytes captured)
Arrival Time: Oct 24, 2007 00:42:28.000000000
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 24 bytes
Capture Length: 24 bytes
[Frame is marked: False]
[Protocols in frame: user_dlt:rrc]
DLT: 153
Radio Resource Control (RRC) protocol

0000 bf 02 26 13 9a 25 00 25 02 76 84 94 48 4e 50 04 ..&..%.%.v..HNP.
0010 7f fe 43 73 60 00 48 00 ..Cs`.H.



On 10/23/07, Luis EG Ontanon <luis.ontanon-***@public.gmane.org> wrote:

take a look to:
http://wiki.wireshark.org/HowToDissectAnything
Post by PF Law
Wireshark 0.99.6 supports RRC protocol.
If I want to just make use of this capability to decode some external RRC
hex dump for some purposes, does anyone know how I can achieve this in
details?
e.g. I want to get the below RRC hex dump decoded in Wireshark.
RRC hex dump: BF 02 26 13 9A 25 00 25 02 76 84 94 48 4E 50 04 7F FE 43 73 60
00 48 00
Thanks a lot.
_______________________________________________
Wireshark-users mailing list
http://www.wireshark.org/mailman/listinfo/wireshark-users
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-users mailing list
Wireshark-users-IZ8446WsY0/***@public.gmane.org
http://www.wireshark.org/mailman/listinfo/wireshark-users

Loading...