WiresharkIntegration » History » Revision 4
Revision 3 (laforge, 02/19/2016 10:49 PM) → Revision 4/11 (laforge, 02/19/2016 10:49 PM)
= Wireshark integration = [http://www.wireshark.org/ wireshark] is a popular Open Source protocol analyzer. Among many other protocols, it includes dissectors for the GSM Layer 2 (LAPDm) and 3 (04.08). There also is a [wiki:GSMTAP] GSMTAP protocol dissector (not in recent wireshark versions, mainline yet submitted as [https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4508 wireshark bug 4508], available in our git repository in {{{src/wireshark/gsmtap.patch}}}), which allows real-time capture and decode of GSM protocol messages encapsulated in a GSMTAP (pseudo-header, which (which is in turn encapsulated in UDP and IP). So if you have a wireshark version with [wiki:GSMTAP] GSMTAP support, you can have real-time realtime decode and trace of GSM protocol messages. The OsmocomBB [wiki:layer23] program sends [wiki:GSMTAP] GSMTAP packets to the localhost (127.0.0.1) address of the loopback interface (lo). Please note that the wireshark program is doing passive capture, i.e. if nothing is listening on the [wiki:GSMTAP] UDP port (4729), then you will see ICMP port unreachable messages in addition to the GSMTAP messages. There are two suggested solutions to this: * Change the IP address to a multicast group like 224.0.0.1 (instead of 127.0.0.1) * Run some program that simply opens the UDP port and discards its content, e.g. using {{{{nc -u -l -p 4729 > /dev/null}}} == Screenshot == [[Image(gsmtap-wireshark.png, 66%)]]
