Wireshark integration¶

wireshark is a popular Free Software / Open Source protocol analyzer. Among many
other protocols, it includes dissectors for the GSM Layer 2 (TS 04.06 / LAPDm) and 3 (TS 04.8 04.08 / RR,MM,CC).

There also is a GSMTAP protocol dissector in recent wireshark versions, which allows
real-time capture and decode of GSM protocol messages encapsulated in a GSMTAP (pseudo-header,
which is in turn encapsulated in UDP and IP).

So if you have a wireshark version with GSMTAP support (>1.4.0), you can have real-time decode and
trace of GSM protocol messages. You can also compile wireshark yourself.

The OsmocomBB layer23 program sends GSMTAP packets to the localhost (127.0.0.1) address
of the loopback interface (lo). Please note that the wireshark program is doing passive capture,
i.e. if nothing is listening on the GSMTAP UDP port (4729), then you will see ICMP port unreachable
messages in addition to the GSMTAP messages. There are two suggested solutions to this:

• Change the IP address to a multicast group like 224.0.0.1 (instead of 127.0.0.1)
• Run some program that simply opens the UDP port and discards its content, e.g. using nc -u -l -p 4729 > /dev/null

Screenshot¶