Hi Navin,
Wow, definitely interesting...
I have occasionally contemplated how it would be possible to use Ethereal to dissect messages from our SS7 stack. I had always figured I'd have to write a fake link layer, but I never thought it'd be so easy (at least in terms of lines of code)!
Stupid question: what do the source and destination columns say when dissecting things over this fake link layer?
I'll play around with this and let you know what I think--but I suspect it's exactly what I've been looking for! (BTW, I get MTP2 and higher, so I'll likely add another fake link type for that.)
Regards, -Jeff
Navin Anand wrote:
Hello,
My SS7 application provides me with a protocol packet dump at each layer (without the underlying protocol headers), e.g. SCCP alone without MTP3, MTP2, etc.
I wanted an analyzer which could read these packets. For this I have modified Ethereal to suit my requirements.
If you think it is a worthwhile feature, I would like to contribute this.
Yours truly, Navin Anand.
The new files are: faketypes.h, packet-fakelink.c, packet-fakelink.h
The modified files are: libpcap.c 407,413d406 < < /* < * 20 Added for the fake link type, required to dissect packets < * containing higher layer protocol payload without the lower layer < * protocol headers, e.g. pure TCP data without underlying IP. < */ < { 20, WTAP_ENCAP_FAKE_LINK },
packet-mtp3.c (as an e.g.) > #include "faketypes.h" > 494a497,498 > dissector_handle_t mtp3_handle; > 495a500,502 > > mtp3_handle = create_dissector_handle(dissect_mtp3, proto_mtp3); > dissector_add("fakelink.type", FAKETYPE_MTP3, mtp3_handle);
packet-sccp.c (as an e.g.) 50a51,52 > #include "faketypes.h" > 2277a2280,2281 > > dissector_add("fakelink.type", FAKETYPE_SCCP, sccp_handle);
wtap.h
129a130
> #define WTAP_ENCAP_FAKE_LINK 38
132c133
< #define WTAP_NUM_ENCAP_TYPES 38
---
> #define WTAP_NUM_ENCAP_TYPES 39
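Review bot: with WTAP_NUM_ENCAP_TYPES raised from 38 to 39 in the second wtap.h hunk, anything in wiretap that is sized or indexed by that constant needs a matching entry for WTAP_ENCAP_FAKE_LINK, and the list of modified files above shows no such change. Please check for such tables and include the update in the patch. A one-line comment beside `#define WTAP_ENCAP_FAKE_LINK 38` saying that the payload starts at an upper-layer protocol chosen through the "fakelink.type" table would also help the next reader.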
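Review bot: in the libpcap.c hunk every line is marked `<` under `407,413d406`, so as posted it removes the `{ 20, WTAP_ENCAP_FAKE_LINK }` entry, while the packet-mtp3.c, packet-sccp.c and wtap.h hunks add their lines with `>`. It looks as if the two files were given to diff in the opposite order for this one file; please regenerate it the same way round as the others. The bare 20 also deserves a check against the other entries in that table and against libpcap's own link-type numbers, because a capture that uses 20 for anything else would be handed to the fake link dissector and decoded as the wrong protocol.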
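Review bot: the packet-mtp3.c hunk opens with `> #include "faketypes.h"` but has no line-number command in front of it (packet-sccp.c has `50a51,52` for the same include), so patch has no position for that line and the hunk will not apply as posted. Separately, `dissector_add("fakelink.type", FAKETYPE_MTP3, mtp3_handle)` depends on packet-fakelink.c having registered the "fakelink.type" table before this code runs, and the hunk does not show which function the call lands in; please confirm it is in the handoff routine and not in protocol registration. Sending the whole patch as a unified diff (`diff -u`) would give the context needed to see that.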
