WiresharkIntegration » History » Version 8

« Previous - Version 8/10 (diff) - Next » - Current version
nion, 02/19/2016 10:49 PM
fix broken wiki syntax for nc command

= Wireshark integration =

[ wireshark] is a popular Free Software / Open Source protocol analyzer. Among many
other protocols, it includes dissectors for the GSM Layer 2 (TS 04.06 / LAPDm) and 3 (TS 04.8 04.08 / RR,MM,CC).

There also is a [wiki:GSMTAP] protocol dissector in recent wireshark versions, which allows
real-time capture and decode of GSM protocol messages encapsulated in a GSMTAP (pseudo-header,
which is in turn encapsulated in UDP and IP).

So if you have a wireshark version with [wiki:GSMTAP] support (>1.4.0), you can have real-time decode and
trace of GSM protocol messages. You can also [wiki:wireshark compile wireshark] yourself.

The OsmocomBB [wiki:layer23] program sends [wiki:GSMTAP] packets to the localhost ( address
of the loopback interface (lo). Please note that the wireshark program is doing passive capture,
i.e. if nothing is listening on the [wiki:GSMTAP] UDP port (4729), then you will see ICMP port unreachable
messages in addition to the GSMTAP messages. There are two suggested solutions to this: * Change the IP address to a multicast group like (instead of * Run some program that simply opens the UDP port and discards its content, e.g. using {{{nc -u -l -p 4729 > /dev/null}}}


Image(gsmtap-wireshark.png, 66%)

gsmtap-arfcn25-cccb.pcap - pcap file with GSMTAP data of BCCH received on ARFCN 25 in Berlin Marienstr. 11 (31.7 KB) laforge, 02/19/2010 10:23 PM

gsmtap-wireshark.png - screenshot of wireshark with gsmtap capture (122 KB) laforge, 02/19/2010 10:29 PM

wireshark-layer23-lapdm.png - screenshot of wireshark protocol decode of LAPDm LOC UPD REQ (148 KB) laforge, 03/04/2010 02:54 PM

layer23-lapdm-gsmtap.pcap - pcap file generated by layer23 showing BCCH/CCCH info, IMM ASS, LOC UPD REQ and LOC UPD REJ (4.76 KB) laforge, 03/04/2010 08:55 PM