1) pcap is a data format for captured network packets that is used by tools like tcpdump and wireshark.
2) There are three main methods for recording A-bis communication: using osmo-nitb, misdn_log, or tcpdump.
3) Wireshark can be used to view recorded A-bis communication with some configuration, though OML dissection is missing.
Copyright:
Attribution Non-Commercial (BY-NC)
pcap is a data format for captured packets of communication protocols. It is used by a library called libpcap, which in turn is used by popular network protocol analyzer projects such as tcpdump and wireshark.

In the Ethernet/Internet world, you typically capture packets from your ethernet card using RAW sockets and promiscuous mode. With GSM protocols such as A-bis, it is obviously not that simple - since they are at least traditionally not transported over IP.

= Recording and viewing A-bis communication =

== Recording ==

=== Method 1: [wiki:osmo-nitb] PCAP option (obsolete) ===

The [wiki:osmo-nitb] application inside openbsc provides a command line option to automatically create a PCAP file. The resulting dump is only a subset of what is actually transmitted over the wire. Currently only Link Access Protocol D-Channel (LAPD) messages are logged, the actual LAPD header is spoofed and only the TEI and SAPI information is invalid. This is mostly due to mISDN not providing us with a LAPD header/frame and the encapsulation we use for wiretap/pcap. In the future there might be a dedicated encapsulation type for the complete mISDN traffic.

To write the protocol dump simply invoke [wiki:osmo-nitb]:
{{{
./osmo-nitb -p networking.pcap
}}}

=== Method 2: Using misdn_log ===

This is the preferred method in case you are using the mISDN input driver for OpenBSC, e.g. with a BS-11 BTS.

In order to obtain an A-bis capture and save it in a pcap file, please use the ''misdn_log'' tool (part of mISDNuser) the following way:
{{{
misdn_log -c0 -w networking.pcap
}}}

Please make sure to '''first start [wiki:osmo-nitb]''' and only then start ''misdn_log''.

=== Method 3: Using tcpdump ===

If you're using an ''A-bis over IP'' based BTS such as the [nanoBTS], then you can use a regular tool like tcpdump to create a pcap file:
{{{
tcpdump -ni eth0 -s 0 -w networking.pcap
}}}
where ''eth0'' is the name of the network device connected to the same network as the nanoBTS.
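
A check for a file written by any of the methods above, as an added example (not part of the original wiki page or of OpenBSC): it reads the pcap file and record headers, reports the link-layer type, and counts frames stored shorter than they were on the wire, which is what the `-s 0` in the tcpdump command is there to avoid. The function names, the constructed sample bytes and the three link-type entries (taken from the tcpdump.org registry) are choices made for this example.

```python
import io
import struct

# Added example; names and sample bytes are constructed for illustration.
LINKTYPES = {1: "ETHERNET", 177: "LINUX_LAPD", 203: "LAPD"}
# On-disk magic -> (struct byte order, timestamp resolution).
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", "us"), b"\xa1\xb2\xc3\xd4": (">", "us"),
          b"\x4d\x3c\xb2\xa1": ("<", "ns"), b"\xa1\xb2\x3c\x4d": (">", "ns")}

def inspect_pcap(stream):
    """Summarise a classic pcap stream without decoding any payload."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    order, resolution = MAGICS[header[:4]]
    major, minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", header[4:])
    info = {"version": (major, minor), "resolution": resolution,
            "snaplen": snaplen,
            "linktype": LINKTYPES.get(network, f"unknown({network})"),
            "packets": 0, "truncated": 0, "incomplete_tail": False}
    while rec := stream.read(16):
        if len(rec) < 16:
            info["incomplete_tail"] = True      # file ends inside a record header
            break
        _sec, _frac, caplen, origlen = struct.unpack(order + "IIII", rec)
        if len(stream.read(caplen)) < caplen:
            info["incomplete_tail"] = True      # file ends inside packet data
            break
        info["packets"] += 1
        info["truncated"] += caplen < origlen   # snaplen cut this frame short
    return info

def constructed_sample():
    """Constructed capture: Ethernet link type, snaplen 96, two dummy frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 1)
    out += struct.pack("<IIII", 0, 0, 60, 60) + bytes(60)      # stored whole
    out += struct.pack("<IIII", 0, 1, 96, 1500) + bytes(96)    # cut at snaplen
    return out

if __name__ == "__main__":
    print(inspect_pcap(io.BytesIO(constructed_sample())))
```

A non-zero `truncated` count means the upper-layer dissectors will see incomplete messages for those frames, and `incomplete_tail` means the capture tool was stopped or killed mid-write.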
== Viewing ==

Wireshark already provides dissectors for the various protocols we use (LAPD, RSL, GSM-A, GSM-SMS...). The LAPD protocol dissector needs some minor configuration though. Go to Edit -> Preferences -> Protocols -> LAPD and check the checkbox saying "Use GSM Sapi Values".

Afterwards wireshark will be able to display a lot of the A-bis protocol. There are some glitches in the protocol analysis, some missing features, and dissection of OML is completely missing.

Also, only the most recent wireshark development versions contain a dissector for the ''ip.access A-bis over IP protocol''.

We recommend that you build wireshark from the latest source code, or alternatively apply the patch that is found in the wireshark directory of our git repository.

=== A-bis OML dissector ===

To add a dissector for the GSM 12.21 A-bis Organization and Maintenance Layer (OML), you can use the ''abis_oml.patch'' file from the wireshark directory of our git repository. This will be submitted for inclusion into wireshark soon.

== Dumps for you ==

Here are some dumps that might be useful. Make sure that you only provide data from your own network and equipment (no IMSI/IMEI you do not know...)