WiresharkIntegration » History » Version 10

laforge, 02/21/2016 10:12 AM

h1. Wireshark integration

"Wireshark":http://www.wireshark.org/ is a popular Free Software / Open Source protocol analyzer. Among many other protocols, it includes dissectors for GSM Layer 2 (TS 04.06 / LAPDm) and Layer 3 (TS 04.08 / RR, MM, CC).

There is also a [[GSMTAP]] protocol dissector in recent Wireshark versions, which allows real-time capture and decode of GSM protocol messages encapsulated in a GSMTAP pseudo-header (which is in turn encapsulated in UDP and IP).

So if you have a Wireshark version with [[GSMTAP]] support (>1.4.0), you can have real-time decode and trace of GSM protocol messages. You can also [[wireshark|compile wireshark]] yourself.

The [[OsmocomBB]] [[layer23]] program sends [[GSMTAP]] packets to the localhost address (127.0.0.1) of the loopback interface (lo). Please note that Wireshark only captures passively: if nothing is listening on the [[GSMTAP]] UDP port (4729), you will see ICMP port unreachable messages in addition to the GSMTAP messages. There are two suggested solutions to this:

* Change the IP address to a multicast group like 224.0.0.1 (instead of 127.0.0.1)
* Run some program that simply opens the UDP port and discards its content, e.g. using @nc -u -l -p 4729 > /dev/null@

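An added example, not part of the original wiki page or of the OsmocomBB code: a Python alternative to the @nc@ sink that binds UDP port 4729 on loopback only, decodes the GSMTAP header and discards the payload. The 16-byte header layout is an assumption taken from libosmocore's gsmtap.h rather than from this page; the function names and the sample packet are constructed for illustration.

```python
import socket
import struct

GSMTAP_PORT = 4729  # UDP port named on this page
# Assumed layout (libosmocore gsmtap.h): version, hdr_len, type, timeslot,
# arfcn, signal_dbm, snr_db, frame_number, sub_type, antenna_nr, sub_slot, res
GSMTAP_HDR = struct.Struct("!BBBBHbbIBBBB")

def parse_gsmtap(datagram):
    """Return (header dict, payload), or None if the datagram is malformed."""
    if len(datagram) < GSMTAP_HDR.size:
        return None
    (version, hdr_words, ptype, timeslot, arfcn, signal_dbm, _snr,
     frame_nr, sub_type, _ant, _sub_slot, _res) = GSMTAP_HDR.unpack_from(datagram)
    hdr_len = hdr_words * 4  # hdr_len is counted in 32-bit words
    if hdr_len < GSMTAP_HDR.size or hdr_len > len(datagram):
        return None  # never trust a length field taken from the wire
    header = {
        "version": version, "type": ptype, "timeslot": timeslot,
        "arfcn": arfcn & 0x3FFF,         # low 14 bits carry the ARFCN
        "uplink": bool(arfcn & 0x4000),  # flag bit marks the uplink direction
        "signal_dbm": signal_dbm, "frame_nr": frame_nr, "sub_type": sub_type,
    }
    return header, datagram[hdr_len:]

def run_sink(host="127.0.0.1", port=GSMTAP_PORT):
    """Hold the port open so the kernel stops sending ICMP port unreachable."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))  # loopback only: the sink is not reachable off-host
        while True:
            data, _peer = sock.recvfrom(65535)
            parsed = parse_gsmtap(data)
            if parsed is None:
                print(f"dropped {len(data)} bytes that are not GSMTAP")
                continue
            hdr, payload = parsed
            direction = "UL" if hdr["uplink"] else "DL"
            print(f"fn={hdr['frame_nr']} arfcn={hdr['arfcn']} {direction} "
                  f"discarded {len(payload)} payload bytes")

# Constructed sample datagram: version 2, 4-word header, type 1, uplink ARFCN 871,
# -67 dBm, frame number 123456, followed by 23 zero bytes standing in for a frame.
SAMPLE = GSMTAP_HDR.pack(2, 4, 1, 0, 0x4000 | 871, -67, 0, 123456, 0, 0, 0, 0) + bytes(23)

if __name__ == "__main__":
    run_sink()
```
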
h2. Screenshot

!{width=100%}gsmtap-wireshark.png!