Project

General

Profile

WiresharkIntegration » History » Version 8

nion, 02/19/2016 10:49 PM
fix broken wiki syntax for nc command

1 1 laforge
= Wireshark integration =
2 1 laforge
3 5 laforge
[http://www.wireshark.org/ wireshark] is a popular Free Software / Open Source protocol analyzer.  Among many
4 5 laforge
other protocols, it includes dissectors for the GSM Layer 2 (TS 04.06 / LAPDm) and 3 (TS 04.8 04.08 / RR,MM,CC).
5 1 laforge
6 4 laforge
There also is a [wiki:GSMTAP] protocol dissector in recent wireshark versions, which allows
7 4 laforge
real-time capture and decode of GSM protocol messages encapsulated in a GSMTAP (pseudo-header,
8 4 laforge
which is in turn encapsulated in UDP and IP).
9 1 laforge
10 7 pauldart
So if you have a wireshark version with [wiki:GSMTAP] support (>1.4.0), you can have real-time decode and
11 6 tsaitgaist
trace of GSM protocol messages. You can also [wiki:wireshark compile wireshark] yourself.
12 1 laforge
13 4 laforge
The OsmocomBB [wiki:layer23] program sends [wiki:GSMTAP] packets to the localhost (127.0.0.1) address
14 4 laforge
of the loopback interface (lo).  Please note that the wireshark program is doing passive capture,
15 4 laforge
i.e. if nothing is listening on the [wiki:GSMTAP] UDP port (4729), then you will see ICMP port unreachable
16 4 laforge
messages in addition to the GSMTAP messages.  There are two suggested solutions to this:
17 4 laforge
 * Change the IP address to a multicast group like 224.0.0.1 (instead of 127.0.0.1)
18 8 nion
 * Run some program that simply opens the UDP port and discards its content, e.g. using {{{nc -u -l -p 4729 > /dev/null}}}
19 2 laforge
20 2 laforge
== Screenshot ==
21 2 laforge
22 2 laforge
[[Image(gsmtap-wireshark.png, 66%)]]
Add picture from clipboard (Maximum size: 48.8 MB)