This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 9 and 10
Revision 9 as of 2008-04-12 17:50:03
Size: 2332
Editor: localhost
Comment: converted to 1.6 markup
Revision 10 as of 2009-07-01 11:38:42
Size: 2409
Comment: Add reference to other protocols dissected directly from file format
Line 8: Line 8:
For protocols that appear within IP or SCTP primitve messages, an attempt is made to decode the payload part of the message. There is also support for calling the UMTS Frame Protocol ([[FP]]) dissector, which may be carried over AAL2 or UDP IP primitive messages. For protocols that appear within IP or SCTP primitve messages, an attempt is made to decode the payload part of the message. There is also support for directly dissecting:
 *
the UMTS Frame Protocol ([[FP]]) dissector, which may be carried over AAL2 or UDP IP primitive messages
 * [[MAC-LTE]]
 * [[RLC-LTE]]
 * [[PDCP-LTE]]
 * RRC-LTE
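
Review bot: the added Line 8 text still spells "primitve" in "IP or SCTP primitve messages", the same typo as the text it replaces; correct it to "primitive" in this revision. In the new list, the first item now reads as "directly dissecting: the UMTS Frame Protocol ([[FP]]) dissector", so drop the trailing word "dissector", and consider writing RRC-LTE as a [[...]] link to match the three entries above it.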

Catapult DCT2000 .out file packet header

This protocol / header format consists of some information associated with a packet read from a Catapult DCT2000 .out file. The fields that comprise this protocol (protocol, variant, context, out-header, direction, original timing information) should be useful for filtering, and also make it easy to correlate entries in the Wireshark packet list with the DCT2000 decodes.

Wireshark

The DCT2000 dissector shows the fields of this protocol before handing off to the appropriate link-type dissector (ip, ethernet, atm, sscop, lapd, ppp, frame relay or mtp2).

For protocols that appear within IP or SCTP primitive messages, an attempt is made to decode the payload part of the message. There is also support for directly dissecting:

  • the UMTS Frame Protocol (FP), which may be carried over AAL2 or UDP IP primitive messages

  • MAC-LTE

  • RLC-LTE

  • PDCP-LTE

  • RRC-LTE

Preference Settings

* Use IP Primitive heuristic. For messages that appear to be protocol payloads sent to/from the UDP/TCP state machine, attempt to dissect the payload if a Wireshark dissector is found using the DCT2000 protocol name. Default: ON

* Use SCTP Primitive heuristic. For messages that appear to be protocol payloads sent to/from the SCTP state machine, attempt to dissect the payload if a Wireshark dissector is found using the DCT2000 protocol name. Default: ON

For best results, when creating .out files for use by Wireshark you should obviously turn on logging for board ports.

Example capture file

Here is a short example file of this format that has examples of packets using most supported link types.

Display Filter

A complete list of DCT2000 display filter fields can be found in the display filter reference.

  • Show only the dct2000 based traffic:
     dct2000 

(Note that a capture file will either all be DCT2000 packets, or none at all, so the above filter is not very useful)

Capture Filter

There is no way to directly capture dct2000 packets - they will only be seen by opening DCT2000 .out files.

Discussion

DCT2000 (last edited 2012-05-13 22:03:13 by MartinMathieson)