ProtocolTracing » History » Version 5
laforge, 02/19/2016 10:48 PM
rename bsc_hack to osmo-nitb in page text
h1. PCAP and protocol analysis

pcap is a data format for captured packets of communication protocols. It is used by a library called libpcap, which in turn is used by popular network protocol analyzer projects such as tcpdump and wireshark.

In the Ethernet/Internet world, you typically capture packets from your Ethernet card using RAW sockets and promiscuous mode.

With GSM protocols such as A-bis, it is obviously not that simple - since they are at least traditionally not transported over IP.

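Since everything below ends up in pcap files, it helps to know what such a file actually contains. The following is an added example for this page, not code from the OpenBSC project or from the tools it mentions: a minimal parser for the classic libpcap file format that reads the global header (magic, byte order, version, snaplen, link type) and walks the packet records, refusing truncated or inconsistent files instead of silently returning partial data. The sample file it parses is constructed inline with made-up addresses, not a capture from real equipment; the two link-type names are libpcap's DLT_EN10MB (1) and DLT_LINUX_LAPD (177).

```python
"""Minimal libpcap file parser. Added example for the wiki page, not OpenBSC
project code; the sample capture below is constructed, not recorded."""
import struct
from dataclasses import dataclass
from typing import List

MAGIC_USEC = 0xA1B2C3D4  # global header magic, microsecond timestamps
MAGIC_NSEC = 0xA1B23C4D  # same layout, nanosecond timestamps

# libpcap link-layer header types: Ethernet (tcpdump on eth0) and raw LAPD.
LINKTYPES = {1: "EN10MB (Ethernet)", 177: "LINUX_LAPD"}


@dataclass
class PcapPacket:
    ts: float       # seconds since the epoch, fraction taken from ts_frac
    caplen: int     # bytes saved in the file
    origlen: int    # bytes that were on the wire
    data: bytes


@dataclass
class PcapFile:
    endian: str           # "<" little or ">" big, derived from the magic
    ts_resolution: str    # "us" or "ns"
    version: tuple
    snaplen: int          # largest caplen the writer promised (tcpdump -s)
    linktype: int
    packets: List[PcapPacket]


def parse_pcap(buf: bytes) -> PcapFile:
    """Parse a whole pcap file from memory; raise ValueError on damage."""
    if len(buf) < 24:
        raise ValueError("truncated global header (%d bytes)" % len(buf))
    # The magic is written in the writer's native byte order, so the way it
    # reads tells us how to decode every other integer in the file.
    magic_le = struct.unpack("<I", buf[:4])[0]
    magic_be = struct.unpack(">I", buf[:4])[0]
    if magic_le in (MAGIC_USEC, MAGIC_NSEC):
        endian, magic = "<", magic_le
    elif magic_be in (MAGIC_USEC, MAGIC_NSEC):
        endian, magic = ">", magic_be
    else:
        raise ValueError("not a pcap file: magic 0x%08x" % magic_le)
    resolution = "ns" if magic == MAGIC_NSEC else "us"
    divisor = 1_000_000_000 if resolution == "ns" else 1_000_000
    vmaj, vmin, _thiszone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", buf[4:24])

    packets: List[PcapPacket] = []
    off = 24
    while off < len(buf):
        if off + 16 > len(buf):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, caplen, origlen = struct.unpack(
            endian + "IIII", buf[off:off + 16])
        # A record claiming more captured bytes than the snaplen, or more than
        # were on the wire, is malformed: stop rather than let a corrupt length
        # drive the offset arithmetic.
        if caplen > snaplen or caplen > origlen:
            raise ValueError("inconsistent lengths at offset %d: caplen=%d "
                             "origlen=%d snaplen=%d" % (off, caplen, origlen, snaplen))
        off += 16
        if off + caplen > len(buf):
            raise ValueError("truncated packet data at offset %d" % off)
        packets.append(PcapPacket(ts_sec + ts_frac / divisor, caplen, origlen,
                                  buf[off:off + caplen]))
        off += caplen
    return PcapFile(endian, resolution, (vmaj, vmin), snaplen, linktype, packets)


def summarize(pc: PcapFile) -> List[str]:
    """One line for the header and one per packet, like a tiny tcpdump -r."""
    lt = LINKTYPES.get(pc.linktype, "unknown (%d)" % pc.linktype)
    lines = ["pcap v%d.%d, %s-endian, %s timestamps, snaplen %d, linktype %s" % (
        pc.version[0], pc.version[1], "little" if pc.endian == "<" else "big",
        pc.ts_resolution, pc.snaplen, lt)]
    for i, pkt in enumerate(pc.packets, 1):
        lines.append("#%d ts=%.6f caplen=%d origlen=%d data=%s..." % (
            i, pkt.ts, pkt.caplen, pkt.origlen, pkt.data[:8].hex()))
    return lines


def build_sample_pcap(big_endian: bool = False, linktype: int = 1) -> bytes:
    """Constructed sample (not a real capture): two short Ethernet frames with
    made-up MAC addresses, microsecond timestamps, snaplen 65535."""
    e = ">" if big_endian else "<"
    out = struct.pack(e + "IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, linktype)
    frames = [
        (1455922080, 123456, bytes.fromhex("ffffffffffff0011223344550800") + b"\x45" * 10),
        (1455922081, 654321, bytes.fromhex("001122334455aabbccddeeff0806") + b"\x00" * 28),
    ]
    for sec, usec, frame in frames:
        out += struct.pack(e + "IIII", sec, usec, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    for line in summarize(parse_pcap(build_sample_pcap())):
        print(line)
```

Reading the file header this way is also a quick sanity check on any capture you are about to share or feed to a dissector: a link type that is not what you expect, or a record whose caplen exceeds the snaplen, usually means the file was written by a tool other than the one you assumed or was cut short.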
h1. Recording and viewing A-bis communication

h2. Recording

h3. Method 1: [[osmo-nitb]] PCAP option (obsolete)

The [[osmo-nitb]] application inside openbsc provides a command line option to automatically create a PCAP file. The resulting dump is only a subset of what is actually transmitted over the wire. Currently only Link Access Protocol D-Channel (LAPD) messages are logged; the LAPD header is spoofed, and only the TEI and SAPI information in it is invalid. This is mostly due to mISDN not providing us with a LAPD header/frame and to the encapsulation we use for wiretap/pcap. In the future there might be a dedicated encapsulation type for the complete mISDN traffic.

To write the protocol dump simply invoke [[osmo-nitb]]:
<pre>
./osmo-nitb -p networking.pcap
</pre>

h3. Method 2: Using misdn_log

This is the preferred method in case you are using the mISDN input driver for [[OpenBSC]], e.g. with a BS-11 BTS.

In order to obtain an A-bis capture and save it in a pcap file, please use the _misdn_log_ tool (part of mISDNuser) the following way:
<pre>
misdn_log -c0 -w networking.pcap
</pre>
Please make sure to *first start [[osmo-nitb]]* and only then start _misdn_log_.

h3. Method 3: Using tcpdump

If you're using an _A-bis over IP_ based BTS such as the [nanoBTS], then you can use a regular tool like tcpdump to create a pcap file:
<pre>
tcpdump -ni eth0 -s 0 -w networking.pcap
</pre>
where _eth0_ is the name of the network device connected to the same network as the nanoBTS.

h2. Viewing

Wireshark already provides dissectors for the various protocols we use (LAPD, RSL, GSM-A, GSM-SMS...). The LAPD protocol dissector needs some minor configuration though. Go to Edit -> Preferences -> Protocols -> LAPD and check the checkbox saying "Use GSM SAPI values". Afterwards wireshark will be able to display a lot of the A-bis protocol. There are some glitches in the protocol analysis, some missing features, and dissection of OML is completely missing.

Also, only the most recent wireshark development versions contain a dissector for the _ip.access A-bis over IP protocol_. We recommend building wireshark from the latest source code, or alternatively applying the patch that is found in the wireshark directory of our git repository.

h3. A-bis OML dissector

To add a dissector for the GSM 12.21 A-bis Organization and Maintenance Layer (OML), you can use the _abis_oml.patch_ file from the wireshark directory of our git repository. This will be submitted for inclusion into wireshark soon.

h2. Dumps for you

Here are some dumps that might be useful. Make sure that you only provide data from your own network and equipment (no IMSI/IMEI you do not know...)