Search code examples

decodingTCAP message - dialoguePortion

I'm writing an simulator (for learning purposes) for complete M3UA-SCCP-TCAP-MAP stack (over SCTP). So far M3UA+SCCP stacks are OK.

M3UA Based on the RFC 4666 Sept 2006
SCCP Based on the ITU-T Q.711-Q716
TCAP Based on the ITU-T Q.771-Q775

But upon decoding TCAP part I got lost on dialoguePortion. TCAP is asn.1 encoded, so everything is tag+len+data. Wireshark decode it differently than my decoder.

Message is: 62434804102f00676b1e281c060700118605010101a011600f80020780a1090607040000010005036c1ba1190201010201163011800590896734f283010086059062859107

Basically, my message is BER-decoded as

Note: Format: hex(tag) + (BER splitted to CLS+PC+TAG in decimal) + hex(data)
 62 ( 64 32 2 )
     48 ( 64 0 8 ) 102f0067
     6b ( 64 32 11 )
         28 ( 0 32 8 )
             06 ( 0 0 6 ) 00118605010101    OID=
             a0 ( 128 32 0 )
                 60 ( 64 32 0 )
                     80 ( 128 0 0 ) 0780
                     a1 ( 128 32 1 )
                         06 ( 0 0 6 ) 04000001000503    OID=
     6c ( 64 32 12 )

So I can see begin[2] message containing otid[8], dialogPortion[11] and componentPortion[12]. otid and ComponentPortion are decoded correctly. But not dialogPortion. ASN for dialogPortion does not mention any of these codes. Even more confusing, wireshark decode it differently (oid-as-dialogue is NOT in the dialoguePortion, but as a field after otid, which is NOT as described in ITU-T documentation - or not as I'm understanding it)

Wireshark decoded Transaction Capabilities Application Part
        Source Transaction ID
            otid: 102f0067
        oid: (id-as-dialogue)
            Padding: 7
            protocol-version: 80 (version1)
                1... .... = version1: True
            application-context-name: (locationInfoRetrievalContext-v3)
        components: 1 item

I can't find any reference for Padding in dialoguePDU ASN.

Can someone point me in the right direction? I would like to know how to properly decode this message

DialoguePDU format should be simple in this case:

dialogue-as-id OBJECT IDENTIFIER ::=  {itu-t recommendation q 773 as(1) dialogue-as(1) version1(1)}

DialoguePDU ::= CHOICE {
  dialogueRequest   AARQ-apdu,
  dialogueResponse  AARE-apdu,
  dialogueAbort     ABRT-apdu

  protocol-version          [0] IMPLICIT BIT STRING {version1(0)} DEFAULT {version1},
  application-context-name  [1]  OBJECT IDENTIFIER,
  user-information          [30] IMPLICIT SEQUENCE OF EXTERNAL OPTIONAL


  • Wireshark is still wrong :-). But then... that is display. It displays values correctly - only in the wrong section. Probably some reason due to easier decoding.

    What I was missing was definition of EXTERNAL[8]. DialoguePortion is declared as now everything makes sense.