WiresharkIntegration » History » Version 9
nion, 02/19/2016 10:49 PM
fix broken wiki syntax for nc command
| 1 | 1 | laforge | |
|---|---|---|---|
| 2 | 9 | nion | h1. Wireshark integration |
| 3 | |||
| 4 | |||
| 5 | "wireshark":http://www.wireshark.org/ is a popular Free Software / Open Source protocol analyzer. Among many |
||
| 6 | 5 | laforge | other protocols, it includes dissectors for the GSM Layer 2 (TS 04.06 / LAPDm) and 3 (TS 04.8 04.08 / RR,MM,CC). |
| 7 | 1 | laforge | |
| 8 | 9 | nion | There also is a [[GSMTAP]] protocol dissector in recent wireshark versions, which allows |
| 9 | 1 | laforge | real-time capture and decode of GSM protocol messages encapsulated in a GSMTAP (pseudo-header, |
| 10 | which is in turn encapsulated in UDP and IP). |
||
| 11 | |||
| 12 | 9 | nion | So if you have a wireshark version with [[GSMTAP]] support (>1.4.0), you can have real-time decode and |
| 13 | trace of GSM protocol messages. You can also [[wireshark|compile wireshark]] yourself. |
||
| 14 | 1 | laforge | |
| 15 | 9 | nion | The [[OsmocomBB]] [[layer23]] program sends [[GSMTAP]] packets to the localhost (127.0.0.1) address |
| 16 | 4 | laforge | of the loopback interface (lo). Please note that the wireshark program is doing passive capture, |
| 17 | 9 | nion | i.e. if nothing is listening on the [[GSMTAP]] UDP port (4729), then you will see ICMP port unreachable |
| 18 | 4 | laforge | messages in addition to the GSMTAP messages. There are two suggested solutions to this: |
| 19 | 9 | nion | * Change the IP address to a multicast group like 224.0.0.1 (instead of 127.0.0.1) |
| 20 | <pre> |
||
| 21 | 8 | nion | |
| 22 | 9 | nion | |
| 23 | h2. Screenshot |
||
| 24 | |||
| 25 | 2 | laforge | |
| 26 | 1 | laforge | [[Image(gsmtap-wireshark.png, 66%)]] |
