Revision 9 (nion, 02/19/2016 10:49 PM) → Revision 10/11 (laforge, 02/21/2016 10:12 AM)
h1. Wireshark integration

"wireshark":http://www.wireshark.org/ is a popular Free Software / Open Source protocol analyzer. Among many other protocols, it includes dissectors for GSM Layer 2 (TS 04.06 / LAPDm) and Layer 3 (TS 04.08 / RR, MM, CC).

Recent wireshark versions also include a [[GSMTAP]] protocol dissector, which allows real-time capture and decode of GSM protocol messages encapsulated in a GSMTAP pseudo-header, which is in turn encapsulated in UDP and IP.

So if you have a wireshark version with [[GSMTAP]] support (>1.4.0), you can have real-time decode and trace of GSM protocol messages. You can also [[wireshark|compile wireshark]] yourself.

The [[OsmocomBB]] [[layer23]] program sends [[GSMTAP]] packets to the localhost (127.0.0.1) address of the loopback interface (lo).

Please note that wireshark only captures passively: it does not open the UDP port itself. If nothing is listening on the [[GSMTAP]] UDP port (4729), you will see ICMP port unreachable messages in addition to the GSMTAP messages.

There are two suggested solutions to this:

* Change the IP address to a multicast group like 224.0.0.1 (instead of 127.0.0.1)
* Run some program that simply opens the UDP port and discards its content, e.g. using @nc -u -l -p 4729 > /dev/null@

h2. Screenshot

!{width=100%}gsmtap-wireshark.png!
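A Python take on the second workaround above (a program that opens UDP port 4729 and discards what arrives), bound to loopback only and counting malformed datagrams instead of dropping them blindly. This is an added example, not code from this wiki or from OsmocomBB; the 16-byte header layout is assumed to match libosmocore's @gsmtap.h@, and the function names and the sample datagram are constructed for illustration.

```python
import socket
import struct

GSMTAP_PORT = 4729  # GSMTAP UDP port named on this page
# 16-byte GSMTAP header, network byte order (assumed layout: libosmocore gsmtap.h)
GSMTAP_HDR = struct.Struct("!BBBBHbbIBBBB")
ARFCN_MASK, ARFCN_UPLINK = 0x3FFF, 0x4000

# Constructed sample datagram (not a real capture): version 2, 4-word header,
# type 1 (Um), uplink ARFCN 871, -67 dBm, frame 123456, 23 filler payload bytes.
SAMPLE = GSMTAP_HDR.pack(2, 4, 1, 0, ARFCN_UPLINK | 871, -67, 0,
                         123456, 7, 0, 0, 0) + b"\x2b" * 23

def parse_gsmtap(datagram):
    """Return header fields and payload, or None for a malformed datagram."""
    if len(datagram) < GSMTAP_HDR.size:
        return None
    (version, hdr_words, gtype, timeslot, arfcn, signal_dbm, _snr,
     frame_number, sub_type, _ant, _sub_slot, _res) = GSMTAP_HDR.unpack_from(datagram)
    hdr_len = hdr_words * 4  # the length field counts 32-bit words
    if hdr_len < GSMTAP_HDR.size or hdr_len > len(datagram):
        return None  # length field disagrees with what actually arrived
    return {"version": version, "type": gtype, "timeslot": timeslot,
            "arfcn": arfcn & ARFCN_MASK, "uplink": bool(arfcn & ARFCN_UPLINK),
            "signal_dbm": signal_dbm, "frame_number": frame_number,
            "sub_type": sub_type, "payload": datagram[hdr_len:]}

def open_sink(host="127.0.0.1", port=GSMTAP_PORT):
    """Bind the GSMTAP port on loopback only, so no listener is exposed off-host."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock

def drain(sock, limit=None):
    """Receive and discard datagrams; return (well_formed, malformed) counts."""
    good = bad = 0
    while limit is None or good + bad < limit:
        data, _peer = sock.recvfrom(65535)
        if parse_gsmtap(data) is None:
            bad += 1
        else:
            good += 1
    return good, bad

if __name__ == "__main__":
    print(parse_gsmtap(SAMPLE))      # decode the constructed sample once
    with open_sink() as sink:        # then sink live traffic; stop with Ctrl-C
        drain(sink)
```

While the sink holds the port, the ICMP port unreachable replies stop and wireshark on @lo@ still sees every GSMTAP packet.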