WiresharkIntegration » History » Version 7
pauldart, 02/19/2016 10:49 PM
Requires >1.4.0 to have GSMTAP build in.
| 1 | 1 | laforge | = Wireshark integration = |
|---|---|---|---|
| 2 | 1 | laforge | |
| 3 | 5 | laforge | [http://www.wireshark.org/ wireshark] is a popular Free Software / Open Source protocol analyzer. Among many |
| 4 | 5 | laforge | other protocols, it includes dissectors for the GSM Layer 2 (TS 04.06 / LAPDm) and 3 (TS 04.8 04.08 / RR,MM,CC). |
| 5 | 1 | laforge | |
| 6 | 4 | laforge | There also is a [wiki:GSMTAP] protocol dissector in recent wireshark versions, which allows |
| 7 | 4 | laforge | real-time capture and decode of GSM protocol messages encapsulated in a GSMTAP (pseudo-header, |
| 8 | 4 | laforge | which is in turn encapsulated in UDP and IP). |
| 9 | 1 | laforge | |
| 10 | 7 | pauldart | So if you have a wireshark version with [wiki:GSMTAP] support (>1.4.0), you can have real-time decode and |
| 11 | 6 | tsaitgaist | trace of GSM protocol messages. You can also [wiki:wireshark compile wireshark] yourself. |
| 12 | 1 | laforge | |
| 13 | 4 | laforge | The OsmocomBB [wiki:layer23] program sends [wiki:GSMTAP] packets to the localhost (127.0.0.1) address |
| 14 | 4 | laforge | of the loopback interface (lo). Please note that the wireshark program is doing passive capture, |
| 15 | 4 | laforge | i.e. if nothing is listening on the [wiki:GSMTAP] UDP port (4729), then you will see ICMP port unreachable |
| 16 | 4 | laforge | messages in addition to the GSMTAP messages. There are two suggested solutions to this: |
| 17 | 4 | laforge | * Change the IP address to a multicast group like 224.0.0.1 (instead of 127.0.0.1) |
| 18 | 4 | laforge | * Run some program that simply opens the UDP port and discards its content, e.g. using {{{{nc -u -l -p 4729 > /dev/null}}} |
| 19 | 2 | laforge | |
| 20 | 2 | laforge | == Screenshot == |
| 21 | 2 | laforge | |
| 22 | 2 | laforge | [[Image(gsmtap-wireshark.png, 66%)]] |
