Decoder for moshell trace file

[Yenthanh]

Hi,

Does anybody knows how to decode a moshell trace file so that it will be read via wireshark? If there's a SW tool needed to do it, can I have a copy of that software?
I really need it please.

Thank you in advance and repu to follow.

[s52d]

Hi,

Does anybody knows how to decode a moshell trace file so that it will be read via wireshark? If there's a SW tool needed to do it, can I have a copy of that software?
I really need it please.

Thank you in advance and repu to follow.

Hi!

I might be completely offtopic - excuse me if Q is misunderstood.
In order to decode NBAP, I create file 0.nbap (sample below).
with text2pcap it is converted to pcaplib fomat (file 0n.pcap),
this file is parsed by tshark to extract propagationDelay parameter from NBAP
traces. This is part of GPEH decoder, where ans.1 binary messages are
"exported" to wireshark for decoding of nbap/ranap/rrc.

so, from bash command file:

text2pcap -q -l 162 0.nbap 0n.pcap
tshark -r 0n.pcap -Tfields -e nbap.propagationDelay >0p.nbap

where 162 points to NBAP protocol, as specified in:

~/.wireshark/user_dlts is list of protocols
# This file is automatically generated, DO NOT MODIFY.
"User 15 (DLT=162)","nbap","0","","0",""
"User 14 (DLT=161)","ranap","0","","0",""
"User 13 (DLT=160)","rrc","0","","0","

BR
s52d



sample of two NBAP messages in fire 0.nbap.
000000 00 1B 22 16 15 78 40 00 05 00 2C 00 02 00 00 01 27 00 11 01 00 C0 2B F1 A7 80 00 01 40 54 11 05 FA 00 8B 00 00 53 00 0B 00 00 00 01 00 01 20 00 0C 40 80 00 38 00 24 00 08 00 28 00 02 00 00 1F 02 00 00 00 50 00 01 00 94 50 14 B8 34 08 00 00 50 00 01 00 94 50 14 E5 34 F0 20 00 D8 80 18 00 00 D3 80 13 40 00 7D 2A 00 00 1C 00 08 00 00 00 0B 00 DD 01 8D 00 C8 00 00 FC 17 40 01 00 zz
000000 00 1B 22 15 FA 78 40 00 05 00 2C 00 02 00 00 01 27 00 11 01 00 88 2D 79 A7 80 00 01 40 54 11 05 FA 00 8B 00 00 53 00 0B 00 00 00 01 00 01 20 00 0C 40 80 00 38 00 24 00 08 00 28 00 02 00 00 1F 02 00 00 00 50 00 01 00 94 50 14 B8 34 08 00 00 50 00 01 00 94 50 14 E5 34 F0 20 00 D8 80 18 00 00 D3 80 13 40 00 7D 2A 00 02 28 00 0A 00 00 00 0C 00 FB 01 8D 00 C8 00 00 FC 17 40 01 00 zz

[rasar00]

dose any one have document about this

[s52d]

dose any one have document about this

Wireshark is well documented.

BR
s52d

[Yenthanh]

Hi s52d,

Thanks for your reply.

Here's actually what I am doing. I performed a trace by capturing the output via save logfile to text of my emulator (secureCRT in this case). After that, edited it a little bit and removed the unnecessary info included in the capture file and save it again as text. I run the text2pcap of wireshark and tried different optional value as I seen some examples from the internet, but to no avail. All the output generated were only 5 packets, when open via wireshark, it just says error packets.
Yeah, I maybe using the wrong value during running text2pcap, which in your case you're using 162. I'll try it again when I get back to office by Monday.

Thanks...

[s52d]

Hi s52d,

Thanks for your reply.

Here's actually what I am doing. I performed a trace by capturing the output via save logfile to text of my emulator (secureCRT in this case). After that, edited it a little bit and removed the unnecessary info included in the capture file and save it again as text. I run the text2pcap of wireshark and tried different optional value as I seen some examples from the internet, but to no avail. All the output generated were only 5 packets, when open via wireshark, it just says error packets.
Yeah, I maybe using the wrong value during running text2pcap, which in your case you're using 162. I'll try it again when I get back to office by Monday.

Thanks...

Hi!
When I did it, I had to patch wireshark to add utran protocols.
They might be part of mainstream now.
Does it work on my samples? two asn.1 messages in hex.

BR
s52d