ProtocolTracing » History » Version 8
laforge, 11/16/2016 05:01 PM
{{>toc}}

h1. PCAP and protocol analysis

You can take protocol traces of the communication between OpenBSC and your BTS. This includes the signalling between BTS and BSC, but also the signalling with all the subscribers/phones currently using the OpenBSC instance. Such a trace therefore contains subscriber identities such as IMSI and IMEI as well as the content of signalling messages; only trace your own network and equipment (see the note on dumps below).

pcap is a data format for captured packets of communication protocols. It is used by a library called libpcap, which in turn is used by popular network protocol analyzer projects such as tcpdump and Wireshark.

In the Ethernet/Internet world, you typically capture packets from your ethernet card using raw sockets and promiscuous mode.

With GSM protocols such as A-bis, it is obviously not that simple, since they are (at least traditionally) not transported over IP.

h1. Recording and viewing A-bis communication

h2. Recording

h3. Method 1: Using tcpdump

If you're using an _A-bis over IP_ based BTS such as any [[OsmoBTS:]] based BTS or the [nanoBTS], then you can use a regular tool like @tcpdump@ to create a pcap file:

<pre>
# -n: no name resolution, -s 0: capture full-length packets, -w: write a pcap file
tcpdump -ni eth0 -s 0 -w networking.pcap
</pre>

where _eth0_ is the name of the network device connected to the same network as the BTS.

If you would like to filter on only A-bis traffic, make sure you capture only TCP ports 3002 (OML) and 3003 (RSL), as well as UDP port 23000 for SGSN/Gb (NS over IP) traffic.

h3. Method 2: [[osmo-nitb]] PCAP option (obsolete)

The [[osmo-nitb]] application inside openbsc provides a command line option to automatically create a PCAP file.

This method is the standard method when using any E1/T1 based A-bis interface, such as mISDN or DAHDI.

If you're using the kernel-based mISDN LAPD implementation, the resulting dump is only a subset of what is actually transmitted over the wire. Currently only Link Access Protocol D-Channel (LAPD) messages are logged, the LAPD header is spoofed and only the TEI and SAPI information in it is valid. This is mostly due to mISDN not providing us with a LAPD header/frame and the encapsulation we use for wiretap/pcap.

For the libosmocore based userspace LAPD implementation (always for DAHDI, in mISDN optional), you will see the full LAPD header.

To write the protocol dump simply invoke [[osmo-nitb]] with the @-p@ option:
<pre>
./osmo-nitb -p networking.pcap
</pre>

h3. Method 3: Using misdn_log

This is the preferred method in case you are using the mISDN input driver for [[OpenBSC]], e.g. with a BS-11 BTS.

In order to obtain an A-bis capture and save it in a pcap file, please use the _misdn_log_ tool (part of mISDNuser) the following way:
<pre>
misdn_log -c0 -w networking.pcap
</pre>
Please make sure to *first start [[osmo-nitb]]* and only then start _misdn_log_.

h2. Viewing

Wireshark already provides dissectors for the various protocols we use (LAPD, RSL, GSM-A, GSM-SMS, ...). The LAPD protocol dissector needs some minor configuration though: go to Edit -> Preferences -> Protocols -> LAPD and check the checkbox saying "Use GSM SAPI values", so that SAPI 0 is dissected as RSL and SAPI 62 as OML instead of as ISDN signalling. Afterwards Wireshark will be able to display a lot of the A-bis protocol. There are some glitches in the protocol analysis, some missing features, and dissection of OML is completely missing.

Also, only the most recent Wireshark development versions contain a dissector for the _ip.access A-bis over IP protocol_. We recommend that you build Wireshark from the latest source code, or alternatively apply the patch that is found in the wireshark directory of our git repository.

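As an added example (not code from this wiki page or from the OpenBSC project), the following Python script ties the three recording methods and the viewing step together: it walks a classic pcap file, classifies Ethernet records from an A-bis/IP capture (Method 1) by the TCP ports 3002/3003 and the UDP port 23000 named above, and decodes LAPD records from an E1/T1 capture (Methods 2 and 3) into SAPI and TEI, mapping the SAPI to RSL, OML or L2 management exactly as the "Use GSM SAPI values" preference makes Wireshark do. It assumes that @osmo-nitb -p@ dumps use link type 177 (LINKTYPE_LINUX_LAPD, a 16-byte Linux cooked pseudo-header followed by the Q.921 frame); check the link type in the global header of your own file before relying on that. Only SAPI and TEI are taken from the LAPD header, in line with the caveat above about the spoofed header in mISDN-based dumps. All sample packets are constructed inside the script, and the names GSM_SAPI, ABIS_IP_PORTS, triage() and the helpers are the example's own.

```python
"""Added example: triage an A-bis capture by link (OML, RSL, L2 management, Gb)."""
import struct

# GSM SAPI values on A-bis (3GPP TS 48.056): what Wireshark's "Use GSM SAPI values" applies.
GSM_SAPI = {0: "RSL", 62: "OML", 63: "L2 management"}
# A-bis/IP TCP ports and the Gb/NS-over-IP UDP port named under Method 1.
ABIS_IP_PORTS = {("tcp", 3002): "OML", ("tcp", 3003): "RSL", ("udp", 23000): "Gb/NS"}
U_FRAMES = {0x6F: "SABME", 0x63: "UA", 0x43: "DISC", 0x0F: "DM", 0x03: "UI"}  # P/F bit cleared
LINKTYPE_ETHERNET = 1
LINKTYPE_LINUX_LAPD = 177  # assumed for osmo-nitb -p dumps: 16-byte cooked header + LAPD frame


def pcap_records(data):
    """Yield (linktype, payload) for each record of a classic pcap file, either byte order."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len


def parse_lapd(frame):
    """Decode the Q.921 address field (SAPI, C/R, TEI) and the control-field type."""
    if len(frame) < 3:
        raise ValueError("LAPD frame too short")
    addr0, addr1, ctrl = frame[0], frame[1], frame[2]
    if addr0 & 1 or not addr1 & 1:  # EA bit is 0 in the first address octet, 1 in the second
        raise ValueError("bad extended-address bits")
    sapi, cr, tei = addr0 >> 2, (addr0 >> 1) & 1, addr1 >> 1
    if ctrl & 1 == 0:
        kind = "I"  # information frame, N(S) in bits 8-2 of a 2-octet control field
    elif ctrl & 3 == 1:
        kind = "S"  # supervisory frame (RR/RNR/REJ)
    else:
        kind = U_FRAMES.get(ctrl & 0xEF, "U")  # unnumbered frame, P/F bit masked off
    return {"sapi": sapi, "cr": cr, "tei": tei, "type": kind, "link": GSM_SAPI.get(sapi, "unknown")}


def classify_ethernet(frame):
    """Map an Ethernet/IPv4 frame to its A-bis/IP link by transport protocol and port, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    transport = {6: "tcp", 17: "udp"}.get(frame[23])
    l4 = frame[14 + ihl:]
    if transport is None or len(l4) < 4:
        return None
    sport, dport = struct.unpack(">HH", l4[:4])
    return ABIS_IP_PORTS.get((transport, sport)) or ABIS_IP_PORTS.get((transport, dport))


def triage(pcap_bytes):
    """Count records per A-bis link; LAPD dumps are judged on SAPI/TEI only (see caveat above)."""
    counts = {}
    for linktype, payload in pcap_records(pcap_bytes):
        if linktype == LINKTYPE_LINUX_LAPD:
            link = parse_lapd(payload[16:])["link"]
        elif linktype == LINKTYPE_ETHERNET:
            link = classify_ethernet(payload) or "other"
        else:
            link = "unsupported linktype %d" % linktype
        counts[link] = counts.get(link, 0) + 1
    return counts


# --- constructed sample input (not real captures) ---------------------------------------
def build_pcap(linktype, payloads):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, p in enumerate(payloads):
        out += struct.pack("<IIII", 1479312000 + i, 0, len(p), len(p)) + p
    return out

def lapd_frame(sapi, tei, cr=0, ctrl=0x03, payload=b""):
    return bytes([(sapi << 2) | (cr << 1), (tei << 1) | 1, ctrl]) + payload

def ipv4_frame(proto, sport, dport, payload=b""):
    """Ethernet/IPv4 frame with a minimal TCP (20-byte) or UDP (8-byte) header, checksums zero."""
    l4 = struct.pack(">HH", sport, dport) + b"\x00" * (16 if proto == 6 else 4) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, proto, 0,
                     bytes([10, 9, 1, 1]), bytes([10, 9, 1, 100])) + l4
    return bytes(range(6)) + bytes(range(6, 12)) + b"\x08\x00" + ip

COOKED = struct.pack(">HHHQH", 4, 0, 0, 0, 48)  # 16-byte Linux cooked pseudo-header
SAMPLE_LAPD_PCAP = build_pcap(LINKTYPE_LINUX_LAPD, [
    COOKED + lapd_frame(62, 1, payload=b"\x80\x80\x00\x01"),              # OML, UI frame
    COOKED + lapd_frame(0, 1, cr=1, ctrl=0x6F),                           # RSL, SABME
    COOKED + lapd_frame(0, 1, cr=1, ctrl=0x02, payload=b"\x00\x08\x01"),  # RSL, I frame
    COOKED + lapd_frame(63, 127, payload=b"\x0f\x00\x00\x01\xff"),        # TEI management
])
SAMPLE_ABIS_IP_PCAP = build_pcap(LINKTYPE_ETHERNET, [
    ipv4_frame(6, 3002, 49152, b"\x80\x80\x00\x01"),  # OML over TCP
    ipv4_frame(6, 3003, 49153, b"\x08\x01\x00"),       # RSL over TCP
    ipv4_frame(17, 23000, 23000, b"\x00"),             # Gb/NS over UDP
    ipv4_frame(6, 22, 50000),                          # unrelated SSH session
])

if __name__ == "__main__":
    print(triage(SAMPLE_LAPD_PCAP), triage(SAMPLE_ABIS_IP_PCAP))
```

Run against a real file with @triage(open("networking.pcap", "rb").read())@; a non-empty "other" or "unknown" bucket in an A-bis capture is the quickest sign that the tcpdump filter was too loose or that the pcap was written with a link type this script does not handle.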
h3. A-bis OML dissector

To add a dissector for the GSM 12.21 A-bis Operation and Maintenance Link (OML), you can use the _abis_oml.patch_ file from the wireshark directory of our git repository. This will be submitted for inclusion into Wireshark soon.

h2. Dumps for you

Here are some dumps that might be useful. Make sure that you only provide data from your own network and equipment (no IMSI/IMEI you do not know...)