ProtocolTracing » History » Version 6
laforge, 11/16/2016 04:55 PM
refer to osmoBTS

h1. PCAP and protocol analysis

pcap is a file format for captured packets of communication protocols. It is written and read by the libpcap library, which in turn is used by popular network protocol analyzers such as tcpdump and wireshark.

In the Ethernet/Internet world, you typically capture packets from your ethernet card using raw sockets and promiscuous mode.

With GSM protocols such as A-bis it is not that simple, since they are (at least traditionally) carried over E1 lines rather than over IP.

h1. Recording and viewing A-bis communication

h2. Recording

h3. Method 1: [[osmo-nitb]] PCAP option (obsolete)

The [[osmo-nitb]] application inside openbsc provides a command line option to automatically write a PCAP file. The resulting dump is only a subset of what is actually transmitted over the wire: only Link Access Procedure on the D-channel (LAPD) messages are logged, and the LAPD header in the dump is synthesized, so only its TEI and SAPI values are invalid. This is mostly because mISDN does not hand us the LAPD header/frame, combined with the encapsulation we use for wiretap/pcap. In the future there might be a dedicated encapsulation type for the complete mISDN traffic.

To write the protocol dump simply invoke [[osmo-nitb]]:
<pre>
./osmo-nitb -p networking.pcap
</pre>

h3. Method 2: Using misdn_log

This is the preferred method if you are using the mISDN input driver for [[OpenBSC]], e.g. with a BS-11 BTS.

In order to obtain an A-bis capture and save it in a pcap file, please use the _misdn_log_ tool (part of mISDNuser) the following way:
<pre>
misdn_log -c0 -w networking.pcap
</pre>
Please make sure to *first start [[osmo-nitb]]* and only then start _misdn_log_.

h3. Method 3: Using tcpdump

If you're using an _A-bis over IP_ based BTS such as any [[OsmoBTS:]] based BTS or the [nanoBTS], then you can use a regular tool like tcpdump to create a pcap file:
<pre>
tcpdump -ni eth0 -s 0 -w networking.pcap
</pre>
where _eth0_ is the name of the network device connected to the same network as the BTS. The _-s 0_ makes sure that complete packets are captured rather than truncated ones.

h2. Viewing

Wireshark already provides dissectors for the various protocols we use (LAPD, RSL, GSM-A, GSM-SMS, ...). The LAPD dissector needs some minor configuration though: go to Edit -> Preferences -> Protocols -> LAPD and check the checkbox saying "Use GSM SAPI values". Without it, wireshark labels the SAPIs according to ISDN Q.921 rather than the GSM A-bis assignment (SAPI 0 = RSL, SAPI 62 = OML). Afterwards wireshark will be able to display most of the A-bis protocol. There are still some glitches in the protocol analysis, some missing features, and dissection of OML is completely missing.
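
The following is an added example, not code from the OpenBSC project or this wiki, that ties together the pcap introduction above and the LAPD SAPI preference just described: it builds an RSL and an OML LAPD frame, writes them into a pcap file, reads the file back and decodes SAPI and TEI the way a dissector does, with the SAPI names depending on whether the ISDN or the GSM assignment is selected. It assumes plain ITU-T Q.921 framing and uses LINKTYPE_LAPD (203, raw LAPD frames without a pseudo-header) as the link type; the payload bytes are constructed and are not real RSL/OML messages, and the example makes no claim about which link type misdn_log or osmo-nitb actually write.

```python
"""Added example, not code from OpenBSC or this wiki: build two A-bis LAPD frames,
store them in a pcap file and read them back, decoding SAPI/TEI like a dissector.
Assumptions: ITU-T Q.921 frame layout; LINKTYPE_LAPD (203, raw LAPD frames with no
pseudo-header); payload bytes are constructed and are not real RSL/OML messages."""
import os
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
LINKTYPE_LAPD = 203       # raw Q.921 frames starting with the address field

# The same 6-bit SAPI means different things in ISDN and on GSM A-bis (3GPP TS 48.056);
# Wireshark's LAPD preference "Use GSM SAPI values" switches between these two tables.
ISDN_SAPI_NAMES = {0: "call control (Q.931)", 16: "packet (X.25)", 63: "layer 2 management"}
GSM_SAPI_NAMES = {0: "RSL", 62: "OML", 63: "layer 2 management"}


def build_lapd_iframe(sapi, tei, cr, ns, nr, payload):
    """Q.921 I-frame: 2-byte address, 2-byte modulo-128 control field, then payload."""
    if not (0 <= sapi <= 63 and 0 <= tei <= 127 and 0 <= ns <= 127 and 0 <= nr <= 127):
        raise ValueError("SAPI 0..63, TEI 0..127, N(S)/N(R) 0..127")
    addr0 = (sapi << 2) | (int(cr) << 1)   # EA bit = 0: a second address octet follows
    addr1 = (tei << 1) | 1                 # EA bit = 1: last address octet
    ctrl0 = ns << 1                        # bit 0 clear marks an I-frame
    ctrl1 = nr << 1                        # P/F bit clear
    return bytes([addr0, addr1, ctrl0, ctrl1]) + bytes(payload)


def parse_lapd(frame, gsm_sapi=True):
    """Decode address and control fields; gsm_sapi mirrors the Wireshark preference."""
    if len(frame) < 3:
        raise ValueError("frame too short for a LAPD header")
    addr0, addr1, ctrl0 = frame[0], frame[1], frame[2]
    if (addr0 & 1) or not (addr1 & 1):
        raise ValueError("bad EA bits in LAPD address field")
    if ctrl0 & 1 == 0:
        ftype, ctrl_len = "I", 2
    elif ctrl0 & 3 == 1:
        ftype, ctrl_len = "S", 2
    else:
        ftype, ctrl_len = "U", 1
    if len(frame) < 2 + ctrl_len:
        raise ValueError("frame truncated inside the control field")
    names = GSM_SAPI_NAMES if gsm_sapi else ISDN_SAPI_NAMES
    sapi = addr0 >> 2
    return {"sapi": sapi, "sapi_name": names.get(sapi, "unknown"), "cr": (addr0 >> 1) & 1,
            "tei": addr1 >> 1, "type": ftype, "payload": bytes(frame[2 + ctrl_len:])}


def write_pcap(path, linktype, packets):
    """Write a classic pcap file; packets is a list of (ts_sec, ts_usec, bytes)."""
    with open(path, "wb") as f:
        # magic, version 2.4, thiszone, sigfigs, snaplen, linktype
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype))
        for ts_sec, ts_usec, data in packets:
            f.write(struct.pack("<IIII", ts_sec, ts_usec, len(data), len(data)) + data)


def read_pcap(path):
    """Parse global header and records; returns (linktype, [(ts_sec, ts_usec, bytes)])."""
    with open(path, "rb") as f:
        hdr = f.read(24)
        if len(hdr) != 24:
            raise ValueError("short pcap global header")
        magic = struct.unpack("<I", hdr[:4])[0]
        if magic == PCAP_MAGIC:
            endian = "<"
        elif magic == 0xD4C3B2A1:      # same magic written by a big-endian host
            endian = ">"
        else:
            raise ValueError("not a pcap file (magic %#x)" % magic)
        linktype = struct.unpack(endian + "IHHiIII", hdr)[6]
        packets = []
        while True:
            rec = f.read(16)
            if not rec:
                break
            ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", rec)
            data = f.read(incl_len)
            if len(data) != incl_len:
                raise ValueError("truncated pcap record")
            packets.append((ts_sec, ts_usec, data))
    return linktype, packets


def roundtrip_summary():
    """Write an RSL and an OML frame (constructed payloads), read them back and decode."""
    frames = [(1, 0, build_lapd_iframe(0, 1, 1, 0, 0, b"\x0c\x01")),     # SAPI 0 = RSL
              (1, 500, build_lapd_iframe(62, 1, 1, 0, 0, b"\x80\x80"))]  # SAPI 62 = OML
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "abis.pcap")
    try:
        write_pcap(path, LINKTYPE_LAPD, frames)
        linktype, packets = read_pcap(path)
    finally:
        if os.path.exists(path):
            os.unlink(path)
        os.rmdir(tmpdir)
    if linktype != LINKTYPE_LAPD:
        raise ValueError("unexpected link type %d" % linktype)
    summary = []
    for _, _, data in packets:
        info = parse_lapd(data)
        summary.append((info["sapi_name"], info["tei"], info["type"]))
    return summary


if __name__ == "__main__":
    for name, tei, ftype in roundtrip_summary():
        print("%s frame, TEI %d, SAPI name %s" % (ftype, tei, name))
```

Running the block writes the file into a temporary directory and prints one line per frame. Decoding with @gsm_sapi=False@ shows SAPI 62 as unknown, which is exactly what wireshark does for A-bis traffic until the preference above is set. Applied to a dump produced by Method 1, the SAPI/TEI this decoder reports describe the synthesized header, not the real link.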

Also, only the most recent wireshark development versions contain a dissector for the _ip.access A-bis over IP protocol_. We recommend building wireshark from the latest source code, or alternatively applying the patch that is found in the wireshark directory of our git repository.
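
As an added example, not code from the OpenBSC project or this wiki, of why a dedicated dissector is needed for the tcpdump captures of Method 3: A-bis over IP from ip.access style BTSs is not one packet per message but a byte stream on TCP (port 3002 for OML, port 3003 for RSL) carrying the IPA multiplex, whose framing is a 2-byte big-endian payload length, a 1-byte stream identifier and the payload. The stream identifiers and IPA CCM message types below are the ones used by libosmocore; the byte stream itself is constructed for the example, and the code also handles a message that is cut across two TCP segments, which a per-packet view would show as garbage.

```python
"""Added example, not code from OpenBSC or this wiki: split a captured A-bis/IP TCP
byte stream into ip.access (IPA) multiplex messages.
Framing as in libosmocore's ipa.h: 2-byte big-endian payload length, 1-byte stream
identifier, payload. The sample stream is constructed, not captured traffic."""
import struct

IPA_HDR_LEN = 3
IPA_STREAM_NAMES = {0x00: "RSL", 0xFF: "OML", 0xFE: "IPA CCM", 0xFD: "SCCP", 0xEE: "OSMO"}
# IPA CCM (connection management) message types carried on stream 0xFE
IPA_CCM_MSGT = {0x00: "PING", 0x01: "PONG", 0x04: "ID_GET", 0x05: "ID_RESP", 0x06: "ID_ACK"}


def ipa_encode(stream_id, payload):
    """Wrap one message in the IPA multiplex header."""
    return struct.pack("!HB", len(payload), stream_id) + bytes(payload)


def ipa_split(buf):
    """Return (messages, leftover): messages is a list of (stream_name, payload),
    leftover is an incomplete trailing message to prepend to the next TCP segment."""
    msgs = []
    off = 0
    while len(buf) - off >= IPA_HDR_LEN:
        length, sid = struct.unpack_from("!HB", buf, off)
        end = off + IPA_HDR_LEN + length
        if end > len(buf):          # header seen, payload not yet complete
            break
        name = IPA_STREAM_NAMES.get(sid, "unknown(%#04x)" % sid)
        msgs.append((name, bytes(buf[off + IPA_HDR_LEN:end])))
        off = end
    return msgs, bytes(buf[off:])


def describe(stream_name, payload):
    """One-line summary per message, naming CCM message types."""
    if stream_name == "IPA CCM" and payload:
        return "IPA CCM %s" % IPA_CCM_MSGT.get(payload[0], "msgt %#04x" % payload[0])
    return "%s, %d byte(s)" % (stream_name, len(payload))


def demo_segments():
    """Feed a constructed stream through ipa_split in two TCP segments."""
    # constructed: CCM PING, a 2-byte RSL message, a 4-byte OML message (payloads are dummies)
    stream = (ipa_encode(0xFE, b"\x00")
              + ipa_encode(0x00, b"\x0c\x01")
              + ipa_encode(0xFF, b"\x80\x80\x00\x01"))
    # deliver it in two segments, cutting through the RSL message
    segments = [stream[:8], stream[8:]]
    out = []
    pending = b""
    for seg in segments:
        msgs, pending = ipa_split(pending + seg)
        out.extend(describe(name, payload) for name, payload in msgs)
    if pending:
        raise ValueError("stream ended inside a message")
    return out


if __name__ == "__main__":
    for line in demo_segments():
        print(line)
```

When capturing with tcpdump as in Method 3, appending a filter such as @tcp port 3002 or tcp port 3003@ to the command keeps the dump limited to the A-bis links; the reassembly above is what a dissector has to do on top of that before it can hand the payload to the RSL or OML decoder.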

h3. A-bis OML dissector

To add a dissector for the GSM 12.21 A-bis Operation and Maintenance Link (OML), you can use the _abis_oml.patch_ file from the wireshark directory of our git repository. This will be submitted for inclusion into wireshark soon.

h2. Dumps for you

Here are some dumps that might be useful. Make sure that you only provide data from your own network and equipment (no IMSI/IMEI you do not know...).