
Ethereal-dev: Re: [Ethereal-dev] SS7 ISUP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jeff Morriss <jeff_morriss@xxxxxxxxxxx>
Date: Wed, 14 Jul 2004 18:15:56 -0400


Willem Dekker wrote:

On Wednesday 14 July 2004 08:49, Dimitar Stoichev wrote:

Hello everybody,
I was wondering whether there is any development in the direction of sniffing SS7
traffic from a real (septel) SS7 card that does not utilize sigtran.
Please share any information on ways to do that. Is this on the roadmap at
all?

Best Regards
Dimitar


Dimitar, what our company (mBalance) is doing is the following. Tap the packet from the SS7 stack (lowest level possible), write it to a file. Then have a small Perl script to convert this to the pcap format. As Jeff writes, there is a special linktype WTAP_ENCAP_MTP2 or WTAP_ENCAP_MTP3 for specifying that this is an SS7 trace. As an example the following file:

[...]

The only thing that currently does not work is to indicate the timeslot and direction (RX/TX) information in the pcap file. So if somebody else on the list knows an easy solution, I'm all ears.

The SCCP dissector currently has a "Source PC" preference which is used to indicate the direction of the traffic (if OPC=="Source PC" then the message is outbound). I think when it was introduced we had some discussion about moving (or copying?) that preference down to the MTP3 dissector but I forget what happened with that (it wasn't implemented anyway).
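
The conversion and the OPC-based direction test discussed in this thread, as an added example in Python (not part of the original messages and not the Perl script mentioned above). It assumes ITU 14-bit point codes, MSUs that start at the SIO octet, and libpcap link type 141 for MTP3; the helper names, point codes, timestamps and sample MSUs are constructed for illustration. The direction is derived by the script and is not stored in the pcap file.

```python
import struct

LINKTYPE_MTP3 = 141  # libpcap link-layer type that WTAP_ENCAP_MTP3 maps to

def write_pcap(records, linktype=LINKTYPE_MTP3):
    """Return pcap file bytes for (ts_sec, ts_usec, msu_bytes) records."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype))
    for sec, usec, msu in records:
        # Per-record header: timestamp, captured length, original length
        out += struct.pack("<IIII", sec, usec, len(msu), len(msu)) + msu
    return bytes(out)

def itu_routing_label(msu):
    """Return (dpc, opc, sls) of an ITU MSU that starts at the SIO octet."""
    if len(msu) < 5:
        raise ValueError("MSU too short for SIO + 4-octet routing label")
    # The label is 32 bits, little-endian: DPC (14), OPC (14), SLS (4)
    label = struct.unpack_from("<I", msu, 1)[0]
    return label & 0x3FFF, (label >> 14) & 0x3FFF, label >> 28

def direction(msu, source_pc):
    """Same rule as the SCCP "Source PC" preference: OPC == local PC is outbound."""
    _, opc, _ = itu_routing_label(msu)
    return "TX" if opc == source_pc else "RX"

def make_msu(sio, dpc, opc, sls, payload=b""):
    """Build a constructed sample MSU (not a real capture)."""
    return bytes([sio]) + struct.pack("<I", dpc | (opc << 14) | (sls << 28)) + payload

LOCAL_PC = 100  # assumed local point code
# Constructed records; SIO 0x85 = national network, ISUP; payload is filler
SAMPLE = [
    (1089843356, 0, make_msu(0x85, dpc=200, opc=100, sls=3, payload=b"\x01\x00")),
    (1089843356, 500000, make_msu(0x85, dpc=100, opc=200, sls=3, payload=b"\x02\x00")),
]

if __name__ == "__main__":
    with open("ss7_sample.pcap", "wb") as fh:
        fh.write(write_pcap(SAMPLE))
    for sec, usec, msu in SAMPLE:
        print(sec, usec, direction(msu, LOCAL_PC), itu_routing_label(msu))
```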