damker | 1 Sep 02:25 2010

ranap malformed packet

Hi all:
    The attachment is a packet captured in the 3G network, but it is treated as a
malformed packet.
Attachment (ranap_malformed_packet.pcap): application/octet-stream, 479 bytes
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@...>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@...?subject=unsubscribe
Anders Broman | 1 Sep 08:28 2010

Re: ranap malformed packet

damker wrote 2010-09-01 02:25:
> Hi all: Attachment is a packet captured in the 3G network, but treat as a malformed packet.
I assume the network accepts the message? Can you decode the message by other means to make
it easier to see where Wireshark fails?
Wireshark thinks there should be
Sequence-Of Length: 351
Range = 1024 Bitfield length 10, Sequence-Of Length: .... .010  1011 110.
ctfc6Bit: 351 items
but fails after
Item 149
Regards
Anders
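
Added illustration (not part of the original message and not Wireshark code): the 10-bit Sequence-Of length quoted above, decoded by hand as a constrained whole number that is not octet-aligned, followed by a plausibility check of the declared item count against the bits left in the buffer. The lower bound of 1, the two sample octets (built only from the bit pattern shown in the message) and the `min_item_bits` parameter are assumptions.

```python
# Added example: decode a PER constrained Sequence-Of length by hand.
# SAMPLE is constructed from the bit pattern quoted in the message
# (".... .010  1011 110."); it is not taken from the attached capture.
SAMPLE = bytes([0b00000010, 0b10111100])
LENGTH_BIT_OFFSET = 5          # three bits in the first octet, seven in the second


def read_bits(data: bytes, bit_offset: int, nbits: int) -> int:
    """Read nbits, most significant bit first, starting at bit_offset."""
    end = bit_offset + nbits
    if bit_offset < 0 or end > len(data) * 8:
        raise ValueError(f"need bits {bit_offset}..{end - 1}, buffer has {len(data) * 8}")
    value = 0
    for pos in range(bit_offset, end):
        value = (value << 1) | ((data[pos // 8] >> (7 - pos % 8)) & 1)
    return value


def constrained_length(data: bytes, bit_offset: int, lower: int, upper: int):
    """SIZE(lower..upper) with upper < 64K, unaligned: the length is sent as
    (length - lower) in the fewest bits that cover the range.
    Returns (length, bit offset of the first item)."""
    nbits = (upper - lower).bit_length()       # range 1024 -> 10 bits
    length = lower + read_bits(data, bit_offset, nbits)
    if length > upper:
        raise ValueError(f"length {length} exceeds upper bound {upper}")
    return length, bit_offset + nbits


def max_items_that_fit(data: bytes, first_item_offset: int, min_item_bits: int) -> int:
    """Upper bound on items the rest of the buffer can hold.
    min_item_bits is an assumption supplied by the caller, not a RANAP value."""
    return max(0, len(data) * 8 - first_item_offset) // min_item_bits


if __name__ == "__main__":
    # Lower bound 1 is assumed: raw bits 350 + 1 matches the 351 Wireshark shows.
    length, first_item = constrained_length(SAMPLE, LENGTH_BIT_OFFSET, 1, 1024)
    print("Sequence-Of length:", length, "items start at bit", first_item)
    padded = SAMPLE + bytes(100)               # constructed 102-octet buffer
    fit = max_items_that_fit(padded, first_item, min_item_bits=6)
    print("declared", length, "items, at most", fit, "fit:",
          "plausible" if length <= fit else "length field or offset is suspect")
```

A declared count larger than the buffer can hold points at either a wrong starting bit offset (an earlier field decoded with the wrong width) or a wrong size constraint, which narrows where to compare against another decoder.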

Jaap Keuter | 1 Sep 13:17 2010

A font for use with Wireshark

Hi list,

Fixed-width fonts for use in applications like Wireshark are sometimes hard to find.
Anonymous Pro might be useful to you.

Thanks,
Jaap

 

Hugo | 1 Sep 07:07 2010

Software


Hi guys,

My OS is windows 7 - what kind of version should I download? 32 or 64 bits?

Thanks for your kind attention to the matter.

Regards,

Hugo                 

wang.hongxia1 | 1 Sep 09:41 2010

How to decode FP over UDP?


 I am using Wireshark version 1.2.9. I have some FP packets in pcap format. However, I do not see an FP protocol option in the "Decode As" list. However, Enabled Protocols shows the FP protocol enabled, which indicates Wireshark supports FP. I enter "fp" in the filter, but I cannot get any packets filtered. However, I see some packets over UDP transported from the RNC.

   Please tell me how I can decode packets as FP.
   Those sample FP packets are transported over UDP. Yet I do not see the FP protocol in the "Decode As" list.

Thanks and regards,



Wireshark sniffer stop by itself

Dear Support Members,

I have been facing a problem with the Wireshark sniffer several times in the past month and I would like to ask your advice:

We are capturing data on one of our switches. We left the sniffer working for several days, and when we came to check the files we found that it had stopped by itself a few days earlier. The space hasn't run out on the local drive; the sniffer didn't stop working completely, only the capture stopped.
I'm pretty sure we have configured the capture properly.
I have attached a screenshot of the capture configuration window & the app release.

The problem has recurred several times in the past and I don't really know what can cause the sniffer to stop capturing the data.

 

 

BR,

Asaf

 

Asaf Gotliv-Tovim

Networking & Security Appliance Team Leader,

MATAF - FIBI


Shoken 23rd st. , Tel-Aviv
Phone / Fax   –   +972-3-5134335

Mobile  –  +972-52-4473714

Email : asaf.g <at> fibi.co.il

 

Bill Meier | 1 Sep 16:20 2010

Re: Software

Hugo wrote:
> Hi guys,
> 
> My OS is windows 7 - what kind of version should I download? 32 or 64 bits?
> 
> Thanks for your kind attention to the matter.
> 
> Regards,
> 
> Hugo                  

Do Control Panel ! System and look for the "System Type" line to see 
whether you are running 32 bit or 64 bit Windows; You can then download 
the matching Wireshark.


Anders Broman | 1 Sep 16:44 2010

Re: VoIP calls GRAPH button gone. FLOW button shows SIP but not RTP or T.38

Hi,
Could you try it on a development build from http://www.wireshark.org/download/automated/
Please let us know the result.
Regards
Anders

From: wireshark-users-bounces <at> wireshark.org [mailto:wireshark-users-bounces-IZ8446WsY0/dtAWm4Da02A@public.gmane.org] On Behalf Of COHEN, HARVEY S (ATTLABS)
Sent: 31 August 2010 22:00
To: wireshark-users-IZ8446WsY0/dtAWm4Da02A@public.gmane.org
Subject: [Wireshark-users] VoIP calls GRAPH button gone. FLOW button shows SIP but not RTP or T.38

I just installed Wireshark 1.4 on WinXP. Under Telephony, VoIP Calls, the GRAPH button has been replaced by a FLOW button. The ladder diagram produced by the FLOW button includes the SIP and RTP, but not the T.38. How can I make the ladder diagram display the T.38 as in previous releases of Wireshark?

This sample has 352 T.38 packets, comprising an entire fax call:

|Time     | 12.40.234.2                           |
|         |                   | 12.20.15.34       |                  
|0.000    |         INVITE SDP ( g729 g711U telephone-event X-nt-i...req)          |SIP From: "BCM450 FAX"<sip:anonymous-B1E8pUqfKmfxJnLAbslJAA@public.gmane.org To:<sip:17322759486-fdx6R0e21yFht+ntNHWCdw@public.gmane.org
|         |(5060)   ------------------>  (5060)   |
|0.050    |         100 Trying|                   |SIP Status
|         |(5060)   <------------------  (5060)   |
|2.041    |         180 Ringing SDP ( g729 telephone-event)          |SIP Status
|         |(5060)   <------------------  (5060)   |
|2.041    |         RTP (g729)                    |RTP Num packets:507  Duration:23.360s SSRC:0xD5D81350
|         |(28000)  <------------------  (16604)  |
|2.092    |         RTP (g729)                    |RTP Num packets:168  Duration:8.499s SSRC:0x4A0BC4D1
|         |(28000)  ------------------>  (16604)  |
|10.607   |         200 OK SDP ( g729 telephone-event)          |SIP Status
|         |(5060)   <------------------  (5060)   |
|10.611   |         RTP (g729)                    |RTP Num packets:308  Duration:11.799s SSRC:0x4A0BC4D1
|         |(28000)  ------------------>  (16604)  |
|10.619   |         ACK       |                   |SIP Request
|         |(5060)   ------------------>  (5060)   |
|25.352   |         INVITE SDP ( t38)             |SIP Request
|         |(5060)   <------------------  (5060)   |
|25.362   |         100 Trying|                   |SIP Status
|         |(5060)   ------------------>  (5060)   |
|25.403   |         200 OK SDP ( t38)             |SIP Status
|         |(5060)   ------------------>  (5060)   |
|25.470   |         ACK       |                   |SIP Request
|         |(5060)   <------------------  (5060)   |
|47.896   |         BYE       |                   |SIP Request
|         |(5060)   ------------------>  (5060)   |
|47.943   |         200 Ok    |                   |SIP Status
|         |(5060)   <------------------  (5060)   |

 

Harvey S. Cohen

AT&T Labs, Middletown, NJ

Mobile +1-908-768-5833

Office +1-732-420-4099

 

Tim.Poth | 1 Sep 16:45 2010

Re: Wireshark sniffer stop by itself

Try using tshark from the command line and see if that works better.

http://www.wireshark.org/docs/man-pages/tshark.html

 

 

Bill Meier | 1 Sep 16:48 2010

Re: How to decode FP over UDP?

wang.hongxia1 <at> zte.com.cn wrote:
>  I am using Wireshark version 1.2.9. I have some FP packets in pcap 
> format. However, I do not see an FP protocol option in the "Decode As" list. 
> However, Enabled Protocols shows the FP protocol enabled, which indicates 
> Wireshark supports FP. I enter "fp" in the filter, but I cannot get any packets 
> filtered. However, I see some packets over UDP transported from the RNC.
> 
>    Please tell me how I can decode packets as FP.
>    Those sample FP packets are transported over UDP. Yet I do not see the FP 
> protocol in the "Decode As" list.
> 
> Thanks and regards,
> 

I know nothing about the FP protocol.

However, perhaps the info in the Wireshark Wiki may be of help:

http://wiki.wireshark.org/FP
http://wiki.wireshark.org/FP%20Hint
