ProtocolTracing » History » Version 8
laforge, 11/16/2016 05:01 PM
| 1 | 7 | laforge | {{>toc}} |
|---|---|---|---|
| 2 | 1 | ||
| 3 | 6 | laforge | |
| 4 | 5 | laforge | h1. PCAP and protocol analysis |
| 5 | |||
| 6 | 7 | laforge | You can take protocol traces of the communication bewtwween OpenBSC and your BTS. This includes the signalling between BTS and BSC, |
| 7 | but also includes the sognalling with all the subscribers/phones currently using the OpenBSC instance. |
||
| 8 | 5 | laforge | |
| 9 | 2 | laforge | pcap is a data format for captured packets of communication protocols. It is used by a library called libpcap, which in turn is |
| 10 | used by popular network protocol analyzer projects such as tcpdump and wireshark. |
||
| 11 | |||
| 12 | In the Ethernet/Internet world, you typically capture packets from your ethernet card using RAW sockets and promiscuous mode. |
||
| 13 | |||
| 14 | 1 | With GSM protocols such as A-bis, it is obviously not that simple - since they are at least traditionally not transported over IP. |
|
| 15 | |||
| 16 | |||
| 17 | h1. Recording and viewing A-bis communication |
||
| 18 | |||
| 19 | |||
| 20 | 5 | laforge | h2. Recording |
| 21 | 1 | ||
| 22 | 7 | laforge | h3. Method 1: Using tcpdump |
| 23 | 1 | ||
| 24 | 7 | laforge | If you're using an _A-bis over IP_ based BTS such as any [[OsmoBTS:]] based BTS or the [nanoBTS], then you can use a regular tool like |
| 25 | @tcpdump@ to create a pcap file |
||
| 26 | <pre> |
||
| 27 | tcpdump -ni eth0 -s 0 -w networking.pcap |
||
| 28 | </pre> |
||
| 29 | where _eth0_ is the name of the network device connected to the same network as the nanoBTS. |
||
| 30 | 5 | laforge | |
| 31 | 8 | laforge | If you would like to filter on only Abis traffic, make sure you capture only tcp ports 3002 and 3003, as well as 23000 for SGSN/Gb traffic. |
| 32 | 1 | ||
| 33 | 7 | laforge | h3. Method 2: [[osmo-nitb]] PCAP option (obsolete) |
| 34 | 1 | ||
| 35 | 7 | laforge | The [[osmo-nitb]] application inside openbsc provides a command line option to automatically create a PCAP file. |
| 36 | |||
| 37 | This method is the standard method when using any E1/T1 based A-bis interface, such as mISDN or DAHDI. |
||
| 38 | |||
| 39 | If you're using the kernel-based mISDN LAPD implementation, the resulting dump is only a subset of what is actually transmitted over the wire. Currently only Link Access Protol D-Channel (LAPD) messages are logged, the actual LAPD header is spoofed and only the TEI and SAPI information is valid. This is mostly due mISDN not providing us with a LAPD header/frame and the encapsulation we use for wiretap/pcap. |
||
| 40 | |||
| 41 | For the libosmocore based userspace LAPD implementation (always for DAHDI, in mISDN optional), you will see the full LAPD header. |
||
| 42 | |||
| 43 | 5 | laforge | To write the protocol dump simply invoke [[osmo-nitb]]: |
| 44 | 1 | <pre> |
|
| 45 | ./osmo-nitb -p networking.pcap |
||
| 46 | 5 | laforge | </pre> |
| 47 | |||
| 48 | 7 | laforge | h3. Method 3: Using misdn_log |
| 49 | 1 | ||
| 50 | 5 | laforge | This is the preferred method in case you are using the mISDN input driver for [[OpenBSC]], e.g. with a BS-11 BTS. |
| 51 | 1 | ||
| 52 | 5 | laforge | In order to obtain a A-bis capture and save it in a pcap file, please use the _misdn_log_ tool (part of mISDNuser) |
| 53 | 6 | laforge | the following way: |
| 54 | 1 | <pre> |
|
| 55 | 5 | laforge | misdn_log -c0 -w networking.pcap |
| 56 | 1 | </pre> |
|
| 57 | 5 | laforge | Please make sure to *first start [[osmo-nitb]]* and only then start _misdn_log_ |
| 58 | |||
| 59 | 2 | laforge | |
| 60 | 3 | laforge | |
| 61 | 5 | laforge | h2. Viewing |
| 62 | |||
| 63 | |||
| 64 | 2 | laforge | Wireshark already provides dissectors for the various protocols we use (LAPD, RSL, GSM-A, GSM-SMS...). The LAPD protocol dissector needs some minor configuration though. Go to Edit -> Preferences -> Protocols -> LAPD and check the checkbox saying "Use GSM Sapi Values". Afterwards wireshark will be able to display a lot of the A-bis protocol. There are some glitches in the protocol analysis, some missing features and dissection of OML is completely missing. |
| 65 | 1 | ||
| 66 | 5 | laforge | Also, only the most recent wireshark development versions contain a dissector for the _ip.access A-bis over IP protocol_. |
| 67 | 2 | laforge | We recommend you to build wireshark from the latest source code, or alternatively apply the patch that is found in the wireshark |
| 68 | directory of our git repository. |
||
| 69 | |||
| 70 | |||
| 71 | 5 | laforge | h3. A-bis OML dissector |
| 72 | |||
| 73 | |||
| 74 | To add a dissector for the GSM 12.21 A-bis Organization and Maintenance Layer (OML), you can use the _abis_oml.patch_ file |
||
| 75 | 2 | laforge | from the wireshark directory of our git repository. This will be submitted for inclusion into wireshark soon. |
| 76 | 1 | ||
| 77 | 5 | laforge | |
| 78 | h2. Dumps for you |
||
| 79 | |||
| 80 | 1 | ||
| 81 | Here are some dumps that might be useful. Make sure that you only provide data from your own network and equipment (no IMSI/IMEI you do not know...) |
