Diffstat (limited to '2010/gsm_foss-mt2010/section-wireshark.tex')
-rw-r--r-- | 2010/gsm_foss-mt2010/section-wireshark.tex | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/2010/gsm_foss-mt2010/section-wireshark.tex b/2010/gsm_foss-mt2010/section-wireshark.tex
new file mode 100644
index 0000000..588b4ab
--- /dev/null
+++ b/2010/gsm_foss-mt2010/section-wireshark.tex
@@ -0,0 +1,61 @@
+\section{wireshark Protocol Analyzer}
+
+\begin{frame}{The wireshark protocol analyzer}
+\begin{itemize}
+ \item Software protocol analyzer for plethora of protocols
+ \item Portable, works on most flavors of Unix and Windows
+ \item Decode, display, search and filter packets with configurable level of detail
+ \item Over 1000 protocol decoders
+ \item Over 86000 display filters
+ \item Live capturing from many different network media
+ \item Import files from other capture programs
+ \item Used to be called ethereal, but is now called wireshark
+\item \url{http://www.wireshark.org/}
+\item \url{http://www.wireshark.org/download/docs/user-guide-a4.pdf}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{The wireshark protocol analyzer}
+GSM protocol dissectors in wireshark
+\begin{itemize}
+ \item TCP/IP (transport layer for Abis/IP)
+ \item E1 Layer 2 (LAPD)
+ \item GSM Um Layer 2 (LAPDm)
+ \item GSM Layer 3 (RR, MM, CC)
+ \item A-bis Layer 3 (RSL)
+ \begin{itemize}
+ \item A-bis OML for Siemens and ip.access in OpenBSC git
+ \end{itemize}
+ \item GSMTAP pseudo-header (airprobe, OpenBTS, OsmocomBB)
+\end{itemize}
+\end{frame}
+
+\begin{frame}{wireshark integration in OsmocomBB}
+\begin{itemize}
+ \item OsmocomBB L1 runs on phone
+ \item OsmocomBB L23 runs on host PC
+ \item OsmocomBB L23 encapsulates 23byte L2 message in GSMTAP
+ \item GSMTAP includes information not present in L2, such as
+ \begin{itemize}
+ \item ARFCN, Timeslot
+ \item GSM Frame Number
+ \item Rx Signal Level / SNR
+ \end{itemize}
+ \item OsmocomBB L23 sends GSMTAP message over UDP socket
+ \item wireshark captures UDP packet like any UDP/IP
+\end{itemize}
+\end{frame}
+
+\begin{frame}{wireshark integration in OpenBTS and airprobe}
+\begin{itemize}
+ \item airprobe software runs on host PC
+ \item implements Rx-only GSM L1 as SDR
+ \item airprobe L23 encapsulates 23byte L2 message in GSMTAP
+ \item wireshark captures UDP packet like any UDP/IP
+ \item OpenBTS wireshark intergration
similar, but for Rx + Tx
+\end{itemize}
+\end{frame}
+
+\begin{frame}<handout:0>{The wireshark protocol analyzer}
+ Demonstration
+\end{frame} |
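Review bot: The last bullet of the "wireshark integration in OpenBTS and airprobe" frame misspells "integration"; it should read `\item OpenBTS wireshark integration similar, but for Rx + Tx`. In the same frame, `airprobe L23 encapsulates 23byte L2 message in GSMTAP` repeats the OsmocomBB bullet almost word for word although the frame introduces airprobe as an Rx-only L1, so it looks like a copy-paste leftover and is worth checking; `23byte` would also read better as `23-byte` in both frames. Both integration frames say GSMTAP is sent over a UDP socket without naming the destination. Because these packets carry decoded signalling plus ARFCN and frame number, a bullet stating where they are sent (for example whether this is loopback by default, which the page does not show) would help readers judge who else can see the capture.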