
Ethereal-dev: Re: [Ethereal-dev] SS7 ISUP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Willem Dekker <willem.dekker@xxxxxxxxxxxx>
Date: Wed, 14 Jul 2004 22:17:22 +0200
On Wednesday 14 July 2004 08:49, Dimitar Stoichev wrote:
> Hello everybody,
> I was wondering whether there is any development in the direction of sniffing SS7
> traffic from a real (septel) SS7 card, that does not utilize sigtran.
> Please share any information on ways to do that. Is this on the roadmap at
> all?
>
> Best Regards
> Dimitar
>
Dimitar, 

What our company (mBalance) is doing is the following. 
Tap the packet from the SS7 stack (lowest level possible), write it to a file. 
Then have a small Perl script to convert this to the pcap format. 
As Jeff writes, there is a special linktype, WTAP_ENCAP_MTP2 or
WTAP_ENCAP_MTP3, for specifying that this is an SS7 trace. 
As an example, the following file:

$ od -x test.pcap
0000000 c3d4 a1b2 0002 0004 0000 0000 0000 0000
0000020 ffff 0000 008d 0000 ad7d 3f9f ed80 173e
0000040 00ee 0000 00ee 0000 2783 2847 0970 0380
0000060 190e 120b 0008 0411 2613 0816 0119 120b
0000100 0008 0411 2613 0816 0130 65cb c881 0348
0000120 003e 499c 8504 86c7 6c5c ba81 81a1 02b7
0000140 0101 0102 302e ae81 0784 1391 0626 3200
0000160 82f0 9107 1613 4189 f585 8104 d199 0ae7
0000200 6081 7905 1164 0000 a0a7 0005 c703 0102
0000220 6b92 ba10 062c dfb1 1074 ceba 8386 efde
0000240 c835 2e9d 41d3 37ee 7d39 9506 a0dd 7bf7
0000260 720d dfbf 3a69 5ce8 cbb6 e1c3 d933 5205
0000300 d5a6 7ba0 4d9a 832e e9c8 0832 76fd 4193
0000320 b4e2 a41a 832e e5dc d976 02ed d725 7d20
0000340 0d39 b30a f441 b9f2 06ec c3b5 31f2 1c88
0000360 83a6 e9c8 8832 a61c c483 7a65 0e59 a772
0000400 74cb fad0 06ed df91 b765 540b 8374 6ed2
0000420 5972 0e4e c987
0000426

The only thing that currently does not work is to indicate the timeslot and 
direction (RX/TX) information in the pcap file. So if somebody else on the 
list knows an easy solution, I'm all ears.

Hope it helps, 

Willem Dekker
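
The conversion described in the message above, as an added example that is not part of the original post and is not mBalance's script: it writes raw MTP3 frames into a pcap file with link type 141 (the value visible in the dump's header), and reads such a file back while checking the record length fields. The function names and the sample frame bytes are assumptions made for illustration.

```python
import struct

LINKTYPE_MTP2 = 140   # pcap link-layer type for MTP2 frames
LINKTYPE_MTP3 = 141   # pcap link-layer type for MTP3 frames (0x8d in the dump)
PCAP_MAGIC = 0xA1B2C3D4
SNAPLEN = 0xFFFF
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, zone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len

# Constructed placeholder bytes standing in for one tapped MSU (not a real capture).
SAMPLE_MSU = bytes.fromhex("8300000000090003")

def write_pcap(frames, linktype=LINKTYPE_MTP3):
    """Build a little-endian pcap file from (ts_sec, ts_usec, data) tuples."""
    out = bytearray(GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, linktype))
    for sec, usec, data in frames:
        if not 0 <= usec < 1_000_000:
            raise ValueError("ts_usec must be below one second")
        incl = data[:SNAPLEN]  # stored bytes are capped at the snapshot length
        out += RECORD_HDR.pack(sec, usec, len(incl), len(data)) + incl
    return bytes(out)

def read_pcap(blob):
    """Parse a pcap file; reject records whose lengths overrun the data."""
    if len(blob) < GLOBAL_HDR.size:
        raise ValueError("truncated global header")
    magic, _, _, _, _, snaplen, linktype = GLOBAL_HDR.unpack_from(blob)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    frames, off = [], GLOBAL_HDR.size
    while off < len(blob):
        if len(blob) - off < RECORD_HDR.size:
            raise ValueError("truncated record header")
        sec, usec, incl, _orig = RECORD_HDR.unpack_from(blob, off)
        off += RECORD_HDR.size
        if incl > snaplen or off + incl > len(blob):
            raise ValueError("record length exceeds snaplen or file size")
        frames.append((sec, usec, blob[off:off + incl]))
        off += incl
    return linktype, frames

if __name__ == "__main__":
    pcap = write_pcap([(1089836242, 0, SAMPLE_MSU)])
    print(pcap[:24].hex(), read_pcap(pcap))
```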
