\section{wireshark Protocol Analyzer}
\begin{frame}{The wireshark protocol analyzer}
\begin{itemize}
\item Software protocol analyzer for a plethora of protocols
\item Portable, works on most flavors of Unix and Windows
\item Decode, display, search and filter packets with configurable level of detail
\item Over 1000 protocol decoders
\item Over 86000 display filters
\item Live capturing from many different network media
\item Import files from other capture programs
\item Used to be called ethereal, but is now called wireshark
\item \url{http://www.wireshark.org/}
\item \url{http://www.wireshark.org/download/docs/user-guide-a4.pdf}
\end{itemize}
\end{frame}
\begin{frame}{The wireshark protocol analyzer}
GSM protocol dissectors in wireshark
\begin{itemize}
\item TCP/IP (transport layer for Abis/IP)
\item E1 Layer 2 (LAPD)
\item GSM Um Layer 2 (LAPDm)
\item GSM Layer 3 (RR, MM, CC)
\item A-bis Layer 3 (RSL)
\begin{itemize}
\item A-bis OML for Siemens and ip.access in OpenBSC git
\end{itemize}
\item GSMTAP pseudo-header (airprobe, OpenBTS, OsmocomBB)
\end{itemize}
\end{frame}
\begin{frame}{wireshark integration in OsmocomBB}
\begin{itemize}
\item OsmocomBB L1 runs on phone
\item OsmocomBB L23 runs on host PC
\item OsmocomBB L23 encapsulates each 23-byte L2 message in GSMTAP
\item GSMTAP includes information not present in L2, such as
\begin{itemize}
\item ARFCN, Timeslot
\item GSM Frame Number
\item Rx Signal Level / SNR
\end{itemize}
\item OsmocomBB L23 sends GSMTAP message over UDP socket
\item wireshark captures the UDP packet like any other UDP/IP traffic
\end{itemize}
\end{frame}
\begin{frame}{wireshark integration in OpenBTS and airprobe}
\begin{itemize}
\item airprobe software runs on host PC
\item implements Rx-only GSM L1 as SDR
\item airprobe L23 encapsulates each 23-byte L2 message in GSMTAP
\item wireshark captures the UDP packet like any other UDP/IP traffic
\item OpenBTS wireshark integration is similar, but for Rx + Tx
\end{itemize}
\end{frame}
\begin{frame}<handout:0>{The wireshark protocol analyzer}
Demonstration
\end{frame}