ProtocolTracing » History » Revision 5
Revision 4 (laforge, 02/19/2016 10:47 PM) → Revision 5/9 (laforge, 02/19/2016 10:48 PM)
h1. PCAP and protocol analysis

pcap is a data format for captured packets of communication protocols. It is used by a library called libpcap, which in turn is used by popular network protocol analyzer projects such as tcpdump and wireshark. In the Ethernet/Internet world, you typically capture packets from your ethernet card using RAW sockets and promiscuous mode. With GSM protocols such as A-bis, it is obviously not that simple, since they are (at least traditionally) not transported over IP.

h1. Recording and viewing A-bis communication

h2. Recording

h3. Method 1: [[osmo-nitb]] PCAP option (obsolete)

The [[osmo-nitb]] application inside openbsc provides a command line option to automatically create a PCAP file. The resulting dump is only a subset of what is actually transmitted over the wire. Currently only Link Access Protocol D-Channel (LAPD) messages are logged; the actual LAPD header is spoofed, and only the TEI and SAPI information is invalid. This is mostly due to mISDN not providing us with a LAPD header/frame and to the encapsulation we use for wiretap/pcap. In the future there might be a dedicated encapsulation type for the complete mISDN traffic.

To write the protocol dump, simply invoke [[osmo-nitb]]:

<pre>
./osmo-nitb -p networking.pcap
</pre>

h3. Method 2: Using misdn_log

This is the preferred method in case you are using the mISDN input driver for [[OpenBSC]], e.g. with a BS-11 BTS. In order to obtain an A-bis capture and save it in a pcap file, use the _misdn_log_ tool (part of mISDNuser) the following way:

<pre>
misdn_log -c0 -w networking.pcap
</pre>

Please make sure to *first start [[osmo-nitb]]* and only then start _misdn_log_.

h3. Method 3: Using tcpdump

If you're using an _A-bis over IP_ based BTS such as the [nanoBTS], then you can use a regular tool like tcpdump to create a pcap file:

<pre>
tcpdump -ni eth0 -s 0 -w networking.pcap
</pre>

where _eth0_ is the name of the network device connected to the same network as the nanoBTS.

h2. Viewing

Wireshark already provides dissectors for the various protocols we use (LAPD, RSL, GSM-A, GSM-SMS, ...). The LAPD protocol dissector needs some minor configuration though: go to Edit -> Preferences -> Protocols -> LAPD and check the checkbox saying "Use GSM Sapi Values". Afterwards wireshark will be able to display a lot of the A-bis protocol. There are some glitches in the protocol analysis, some missing features, and dissection of OML is completely missing.

Also, only the most recent wireshark development versions contain a dissector for the _ip.access A-bis over IP protocol_. We recommend you to build wireshark from the latest source code, or alternatively apply the patch that is found in the wireshark directory of our git repository.

h3. A-bis OML dissector

To add a dissector for the GSM 12.21 A-bis Organization and Maintenance Layer (OML), you can use the _abis_oml.patch_ file from the wireshark directory of our git repository. This will be submitted for inclusion into wireshark soon.

h2. Dumps for you

Here are some dumps that might be useful. Make sure that you only provide data from your own network and equipment (no IMSI/IMEI you do not know...).
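As an added example (not code from this page, OpenBSC or mISDN), here is a small pcap reader that ties the pcap format from the introduction to the LAPD dumps that Method 1 writes: it parses the classic pcap file header and per-record headers, and for link type 177 (LINUX_LAPD, assumed here to be the encapsulation used, with its 16-byte pseudo-header in front of each LAPD frame) decodes SAPI and TEI from every frame so that spoofed address values are easy to spot. The sample capture is constructed inline.

```python
import struct
from collections import Counter

DLT_EN10MB = 1        # Ethernet: what "tcpdump -i eth0 -w" produces for A-bis over IP
DLT_LINUX_LAPD = 177  # LAPD behind a 16-byte Linux "sll" pseudo-header (assumed for osmo-nitb -p)

def parse_pcap(data: bytes):
    """Yield (linktype, packet_bytes) for each record of a classic pcap file."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"                       # little-endian writer
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"                       # big-endian writer
    else:
        raise ValueError("not a classic pcap file (bad magic)")
    linktype = struct.unpack(e + "HHiIII", data[4:24])[5]
    off = 24
    while off + 16 <= len(data):      # record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(e + "IIII", data[off:off + 16])[2]
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len

def lapd_address(addr: bytes):
    """SAPI sits in bits 7..2 of the first address octet, TEI in bits 7..1 of the second."""
    return addr[0] >> 2, addr[1] >> 1

def summarize(data: bytes) -> dict:
    """Count frames; for LAPD dumps, key by (SAPI, TEI) so spoofed values stand out."""
    counts = Counter()
    for linktype, pkt in parse_pcap(data):
        if linktype == DLT_LINUX_LAPD and len(pkt) >= 18:
            counts[("lapd",) + lapd_address(pkt[16:18])] += 1
        else:
            counts[("linktype", linktype)] += 1
    return dict(counts)

def build_pcap(linktype: int, frames: list) -> bytes:
    """Constructed little-endian pcap file around the given raw frames (test data only)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def lapd_frame(sapi: int, tei: int, payload: bytes) -> bytes:
    """Constructed LAPD frame: zeroed 16-byte pseudo-header, address field, UI control, payload."""
    return b"\x00" * 16 + bytes([sapi << 2, (tei << 1) | 1, 0x03]) + payload

# Constructed sample: two frames on SAPI 0 (RSL) and one on SAPI 62 (OML), all TEI 1.
SAMPLE_LAPD = build_pcap(DLT_LINUX_LAPD, [
    lapd_frame(0, 1, b"\x08\x11"), lapd_frame(0, 1, b"\x08\x12"), lapd_frame(62, 1, b"\x80\x80"),
])
```

Running `summarize(open("networking.pcap", "rb").read())` on a real dump from Method 1 shows which (SAPI, TEI) pairs the writer emitted, which is the quickest way to confirm that the address information is indeed spoofed as described above.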