ProtocolTracing » History » Version 9
laforge, 06/14/2018 12:47 PM
major update after 10 years ;)
| 1 | 7 | laforge | {{>toc}} |
|---|---|---|---|
| 2 | 1 | ||
| 3 | 5 | laforge | h1. PCAP and protocol analysis |
| 4 | 1 | ||
| 5 | 9 | laforge | You can take protocol traces of the communication between OpenBSC, OsmoBSC or OsmoNITB and your BTS. This includes the signalling between BTS and BSC, but also includes the signalling with all the subscribers/phones currently using the Osmocom network. |
| 6 | 1 | ||
| 7 | 9 | laforge | pcap is a data format for captured packets of communication protocols. It is used by a library called libpcap, which in turn is used by popular network protocol analyzer projects such as tcpdump and wireshark. |
| 8 | 2 | laforge | |
| 9 | 9 | laforge | In the Ethernet/Internet world, you typically capture packets from your Ethernet card using RAW sockets and promiscuous mode. |
| 10 | 2 | laforge | |
| 11 | 9 | laforge | With GSM protocols such as classic A-bis iver E1, it is obviously not that simple - since they are at least traditionally not transported over IP. |
| 12 | 1 | ||
| 13 | |||
| 14 | h1. Recording and viewing A-bis communication |
||
| 15 | |||
| 16 | 5 | laforge | h2. Recording |
| 17 | 1 | ||
| 18 | 9 | laforge | h3. Method 1: Using tcpdump (Abis over IP) |
| 19 | 7 | laforge | |
| 20 | 9 | laforge | If you're using an _A-bis over IP_ based BTS such as any [[OsmoBTS:]] based BTS or the [[nanoBTS]], then you can use a regular tool like @tcpdump@ to create a pcap file |
| 21 | 7 | laforge | <pre> |
| 22 | tcpdump -ni eth0 -s 0 -w networking.pcap |
||
| 23 | </pre> |
||
| 24 | 9 | laforge | where _eth0_ is the name of the network device connected to the same network as the BTS. |
| 25 | 5 | laforge | |
| 26 | 8 | laforge | If you would like to filter on only Abis traffic, make sure you capture only tcp ports 3002 and 3003, as well as 23000 for SGSN/Gb traffic. |
| 27 | 1 | ||
| 28 | 7 | laforge | h3. Method 2: [[osmo-nitb]] PCAP option (obsolete) |
| 29 | 1 | ||
| 30 | 7 | laforge | The [[osmo-nitb]] application inside openbsc provides a command line option to automatically create a PCAP file. |
| 31 | |||
| 32 | This method is the standard method when using any E1/T1 based A-bis interface, such as mISDN or DAHDI. |
||
| 33 | 1 | ||
| 34 | 7 | laforge | If you're using the kernel-based mISDN LAPD implementation, the resulting dump is only a subset of what is actually transmitted over the wire. Currently only Link Access Protol D-Channel (LAPD) messages are logged, the actual LAPD header is spoofed and only the TEI and SAPI information is valid. This is mostly due mISDN not providing us with a LAPD header/frame and the encapsulation we use for wiretap/pcap. |
| 35 | |||
| 36 | For the libosmocore based userspace LAPD implementation (always for DAHDI, in mISDN optional), you will see the full LAPD header. |
||
| 37 | |||
| 38 | 5 | laforge | To write the protocol dump simply invoke [[osmo-nitb]]: |
| 39 | 1 | <pre> |
|
| 40 | ./osmo-nitb -p networking.pcap |
||
| 41 | 5 | laforge | </pre> |
| 42 | |||
| 43 | 1 | h3. Method 3: Using misdn_log |
|
| 44 | 7 | laforge | |
| 45 | 9 | laforge | This is the preferred method in case you are using the mISDN input driver for [[OpenBSC]], e.g. with a BS-11 or other E1 based BTS. |
| 46 | 1 | ||
| 47 | In order to obtain a A-bis capture and save it in a pcap file, please use the _misdn_log_ tool (part of mISDNuser) |
||
| 48 | the following way: |
||
| 49 | <pre> |
||
| 50 | 5 | laforge | misdn_log -c0 -w networking.pcap |
| 51 | 1 | </pre> |
|
| 52 | Please make sure to *first start [[osmo-nitb]]* and only then start _misdn_log_ |
||
| 53 | 5 | laforge | |
| 54 | 1 | ||
| 55 | |||
| 56 | 9 | laforge | h2. Viewing / wireshark settings |
| 57 | 5 | laforge | |
| 58 | 9 | laforge | Wireshark already provides dissectors for the various protocols we use (LAPD, RSL, GSM-A, GSM-SMS...). |
| 59 | 1 | ||
| 60 | 9 | laforge | h3. LAPD |
| 61 | 1 | ||
| 62 | 9 | laforge | The LAPD protocol dissector needs some minor configuration. Go to Edit -> Preferences -> Protocols -> LAPD and check the checkbox saying *Use GSM Sapi Values*. Afterwards wireshark will be able to display |
| 63 | 1 | ||
| 64 | 9 | laforge | h3. Abis over IP (gsm_ipa) |
| 65 | 2 | laforge | |
| 66 | 9 | laforge | wireshark contains a dissector for the IPA multiplex, which is used in Abis-over-IP by [[nanoBTS]] or [[OsmoBTS:]] devices. |
| 67 | 5 | laforge | |
| 68 | 9 | laforge | h3. A-bis OML (gsm_abis_oml) |
| 69 | 5 | laforge | |
| 70 | 9 | laforge | Make sure you are selecting the OML dialect that matches your BTS vendor/model. This can be done in the |
| 71 | *A-bis OML dialect to be used* preference of the OML dissector. You have the following options: |
||
| 72 | 5 | laforge | |
| 73 | 9 | laforge | * ETSI/3GPP TS 12.21 (just those common parts that are specified by 3GPP) |
| 74 | * Siemens (for BS-11 and other Siemens BTSs) |
||
| 75 | * ip.access (for [[nanoBTS]] and [[OsmoBTS:]]) |
||
| 76 | * Ericsson OM2000 (for Ericsson RBS2000 + RBS6000) |
||
| 77 | 5 | laforge | |
| 78 | 9 | laforge | h3. A-bis RSL (gsm_abis_rsl) |
| 79 | 5 | laforge | |
| 80 | 9 | laforge | If you're using Abis/IP with [[nanoBTS]] or [[OsmoBTS:]], you should check the *use nanoBTS definitions* protocol preference setting. It enables decoding of vendor-specific messages and information elements, such as the IPA CRCX/MDCX/DLCX. |
| 81 | |||
| 82 | |||
| 83 | |||
| 84 | |||
| 85 | h2. Dumps for you |
||
| 86 | 1 | ||
| 87 | Here are some dumps that might be useful. Make sure that you only provide data from your own network and equipment (no IMSI/IMEI you do not know...) |
