WiresharkIntegration » History » Version 9
nion, 02/19/2016 10:49 PM
fix broken wiki syntax for nc command
h1. Wireshark integration

"Wireshark":http://www.wireshark.org/ is a popular Free Software / Open Source protocol analyzer. Among many
other protocols, it includes dissectors for the GSM Layer 2 (TS 04.06 / LAPDm) and 3 (TS 04.08 / RR,MM,CC).

There is also a [[GSMTAP]] protocol dissector in recent wireshark versions, which allows
real-time capture and decode of GSM protocol messages encapsulated in a GSMTAP pseudo-header,
which is in turn encapsulated in UDP and IP.

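Added example, not part of the original wiki page or of Osmocom's code: a small Python listener that binds the GSMTAP UDP port (4729) on localhost and length-checks the GSMTAP pseudo-header before decoding it, treating every datagram as untrusted input. The 16-byte header layout and the ARFCN flag bits follow libosmocore's @gsmtap.h@ and are not stated on this page; @parse_gsmtap@, @build_sample@ and @sink@ are hypothetical names.

```python
import socket
import struct

GSMTAP_PORT = 4729                      # UDP port named on this page
_HDR = struct.Struct("!BBBBHbbIBBBB")   # 16-byte fixed header (assumed layout, see lead-in)

def parse_gsmtap(datagram: bytes) -> dict:
    """Validate and decode one GSMTAP datagram; raise ValueError if malformed."""
    if len(datagram) < _HDR.size:
        raise ValueError("shorter than the fixed GSMTAP header")
    (version, hdr_words, msg_type, timeslot, arfcn, signal_dbm, snr_db,
     frame_number, sub_type, antenna, sub_slot, _reserved) = _HDR.unpack_from(datagram)
    hdr_len = hdr_words * 4             # the hdr_len field counts 32-bit words
    if hdr_len < _HDR.size or hdr_len > len(datagram):
        raise ValueError("hdr_len %d outside datagram of %d bytes" % (hdr_len, len(datagram)))
    return {
        "version": version, "type": msg_type, "timeslot": timeslot,
        "arfcn": arfcn & 0x3FFF, "uplink": bool(arfcn & 0x4000),
        "signal_dbm": signal_dbm, "snr_db": snr_db, "frame_number": frame_number,
        "sub_type": sub_type, "antenna": antenna, "sub_slot": sub_slot,
        "payload": datagram[hdr_len:],  # GSM message handed to the dissector
    }

def build_sample() -> bytes:
    """Constructed sample: version 2, Um type, ARFCN 871 uplink, 23-byte payload."""
    hdr = _HDR.pack(2, 4, 0x01, 0, 871 | 0x4000, -63, 0, 1234567, 0x01, 0, 0, 0)
    return hdr + bytes([0x2B] * 23)

def sink(host: str = "127.0.0.1", port: int = GSMTAP_PORT, count: int = 0) -> int:
    """Bind the GSMTAP port and decode datagrams; count=0 runs until interrupted."""
    seen = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while count == 0 or seen < count:
            data, peer = sock.recvfrom(65535)
            try:
                msg = parse_gsmtap(data)
            except ValueError as exc:   # malformed input is dropped, never decoded
                print("dropped datagram from %s: %s" % (peer[0], exc))
                continue
            seen += 1
            print("fn=%(frame_number)d arfcn=%(arfcn)d ts=%(timeslot)d" % msg,
                  "len=%d" % len(msg["payload"]))
    return seen

if __name__ == "__main__":
    sink()
```
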
So if you have a wireshark version with [[GSMTAP]] support (>1.4.0), you can have real-time decode and
trace of GSM protocol messages. You can also [[wireshark|compile wireshark]] yourself.

The [[OsmocomBB]] [[layer23]] program sends [[GSMTAP]] packets to the localhost (127.0.0.1) address
of the loopback interface (lo). Please note that the wireshark program only captures passively,
i.e. if nothing is listening on the [[GSMTAP]] UDP port (4729), then you will see ICMP port unreachable
messages in addition to the GSMTAP messages. There are two suggested solutions to this:
* Change the IP address to a multicast group like 224.0.0.1 (instead of 127.0.0.1)
<pre>

h2. Screenshot

[[Image(gsmtap-wireshark.png, 66%)]]