WiresharkIntegration » History » Revision 9

Revision 8 (nion, 02/19/2016 10:49 PM) → Revision 9/11 (nion, 02/19/2016 10:49 PM)

 
 h1. = Wireshark integration 


 "wireshark":http://www.wireshark.org/ = 

 [http://www.wireshark.org/ wireshark] is a popular Free Software / Open Source protocol analyzer.    Among many 
 other protocols, it includes dissectors for the GSM Layer 2 (TS 04.06 / LAPDm) and 3 (TS 04.8 04.08 / RR,MM,CC). 

 There also is a [[GSMTAP]] [wiki:GSMTAP] protocol dissector in recent wireshark versions, which allows 
 real-time capture and decode of GSM protocol messages encapsulated in a GSMTAP (pseudo-header, 
 which is in turn encapsulated in UDP and IP). 

 So if you have a wireshark version with [[GSMTAP]] [wiki:GSMTAP] support (>1.4.0), you can have real-time decode and 
 trace of GSM protocol messages. You can also [[wireshark|compile wireshark]] [wiki:wireshark compile wireshark] yourself. 

 The [[OsmocomBB]] [[layer23]] OsmocomBB [wiki:layer23] program sends [[GSMTAP]] [wiki:GSMTAP] packets to the localhost (127.0.0.1) address 
 of the loopback interface (lo).    Please note that the wireshark program is doing passive capture, 
 i.e. if nothing is listening on the [[GSMTAP]] [wiki:GSMTAP] UDP port (4729), then you will see ICMP port unreachable 
 messages in addition to the GSMTAP messages.    There are two suggested solutions to this: 
 
  * Change the IP address to a multicast group like 224.0.0.1 (instead of 127.0.0.1) 
 <pre> 


 h2. 
  * Run some program that simply opens the UDP port and discards its content, e.g. using {{{nc -u -l -p 4729 > /dev/null}}} 
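As an added illustration (not part of this wiki page or of OsmocomBB), the script below shows both halves of what the text describes: the 16-byte GSMTAP v2 pseudo-header that sits between UDP and the GSM L2 frame, and a small sink that binds UDP port 4729 so the kernel stops answering with ICMP port unreachable. It also decodes what arrives instead of discarding it. The header layout and constant values are taken from libosmocore's gsmtap.h as I recall them; check them against your own copy before relying on them. The sample L2 payload is a constructed placeholder, not a real capture.

```python
import socket
import struct

# GSMTAP constants (as defined in libosmocore's gsmtap.h; verify against your copy)
GSMTAP_UDP_PORT = 4729
GSMTAP_VERSION = 0x02
GSMTAP_TYPE_UM = 0x01            # GSM Um air interface, what layer23 emits
GSMTAP_CHANNEL_BCCH = 0x01
GSMTAP_ARFCN_F_UPLINK = 0x4000   # flag bit inside the 16-bit ARFCN field
GSMTAP_ARFCN_MASK = 0x3FFF

# Fixed 16-byte GSMTAP v2 header, network byte order:
# version, hdr_len (32-bit words), type, timeslot, arfcn+flags, signal dBm,
# SNR dB, frame number, sub_type (channel), antenna, sub_slot, reserved.
_HDR = struct.Struct("!BBBBHbbIBBBB")
HDR_LEN = _HDR.size  # 16


def build_gsmtap(payload, arfcn, frame_number, timeslot=0,
                 sub_type=GSMTAP_CHANNEL_BCCH, uplink=False,
                 signal_dbm=-70, snr_db=10):
    """Wrap a raw GSM L2 frame in a GSMTAP v2 pseudo-header."""
    arfcn_field = arfcn & GSMTAP_ARFCN_MASK
    if uplink:
        arfcn_field |= GSMTAP_ARFCN_F_UPLINK
    hdr = _HDR.pack(GSMTAP_VERSION, HDR_LEN // 4, GSMTAP_TYPE_UM, timeslot,
                    arfcn_field, signal_dbm, snr_db, frame_number,
                    sub_type, 0, 0, 0)
    return hdr + payload


def parse_gsmtap(datagram):
    """Decode the pseudo-header; return (fields, l2_payload).

    Raises ValueError on datagrams that are too short, carry an unknown
    version, or declare a header length that does not fit the datagram.
    """
    if len(datagram) < HDR_LEN:
        raise ValueError("datagram shorter than GSMTAP header")
    (version, hdr_words, typ, timeslot, arfcn_field, signal_dbm, snr_db,
     frame_number, sub_type, antenna, sub_slot, _res) = _HDR.unpack_from(datagram)
    if version != GSMTAP_VERSION:
        raise ValueError("unsupported GSMTAP version %d" % version)
    hdr_bytes = hdr_words * 4
    if hdr_bytes < HDR_LEN or hdr_bytes > len(datagram):
        raise ValueError("bad hdr_len %d words" % hdr_words)
    fields = {
        "type": typ,
        "timeslot": timeslot,
        "arfcn": arfcn_field & GSMTAP_ARFCN_MASK,
        "uplink": bool(arfcn_field & GSMTAP_ARFCN_F_UPLINK),
        "signal_dbm": signal_dbm,
        "snr_db": snr_db,
        "frame_number": frame_number,
        "sub_type": sub_type,
        "antenna": antenna,
        "sub_slot": sub_slot,
    }
    return fields, datagram[hdr_bytes:]


def gsmtap_sink(host="127.0.0.1", port=GSMTAP_UDP_PORT,
                max_packets=None, timeout=None):
    """Bind the GSMTAP port (the 'nc -u -l' workaround) and decode arrivals.

    Returns the number of datagrams received. With the socket bound, the
    kernel no longer sends ICMP port unreachable, so wireshark sees only
    the GSMTAP traffic it is interested in.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.settimeout(timeout)
    seen = 0
    try:
        while max_packets is None or seen < max_packets:
            try:
                data, _peer = sock.recvfrom(4096)
            except socket.timeout:
                break
            seen += 1
            try:
                fields, l2 = parse_gsmtap(data)
                print("fn=%d arfcn=%d%s ts=%d chan=0x%02x l2=%s" % (
                    fields["frame_number"], fields["arfcn"],
                    " UL" if fields["uplink"] else " DL",
                    fields["timeslot"], fields["sub_type"], l2.hex()))
            except ValueError as exc:
                print("malformed GSMTAP datagram: %s" % exc)
    finally:
        sock.close()
    return seen


if __name__ == "__main__":
    # Constructed placeholder L2 frame (23 bytes, BCCH-sized), not real data.
    sample = build_gsmtap(b"\x49\x06\x1a" + b"\x2b" * 20, arfcn=871,
                          frame_number=123456)
    print(parse_gsmtap(sample))
    gsmtap_sink(max_packets=5, timeout=10)
```

Run it alongside layer23 and it fills the same role as the @nc@ one-liner, with the bonus that a datagram that does not decode is reported rather than silently dropped; the version and header-length checks in @parse_gsmtap@ are the minimum any consumer of a UDP-delivered pseudo-header should do before trusting the offsets.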

h2. Screenshot

!gsmtap-wireshark.png!