Ethereal-dev: Re: [Ethereal-dev] SS7 ISUP

Note: This archive is from the project's previous web site. This list is no longer active.

From: Jeff Morriss <[email protected]>
Date: Wed, 14 Jul 2004 18:15:56 -0400

Willem Dekker wrote:

On Wednesday 14 July 2004 08:49, Dimitar Stoichev wrote:

Hello everybody,
I was wondering whether there is any development in the direction of sniffing SS7
traffic from a real (Septel) SS7 card that does not utilize SIGTRAN.
Please share any information on ways to do that. Is this on the roadmap at

Best Regards


What our company (mBalance) is doing is the following.
Tap the packet from the SS7 stack (lowest level possible), write it to a file.
Then have a small Perl script to convert this to the pcap format.
As Jeff writes, there is a special linktype, WTAP_ENCAP_MTP2 or
WTAP_ENCAP_MTP3, for specifying that this is an SS7 trace.
As an example the following file:

The only thing that currently does not work is indicating the timeslot and direction (RX/TX) information in the pcap file. So if somebody else on the list knows an easy solution, I'm all ears.

The SCCP dissector currently has a "Source PC" preference which is used 
to indicate the direction of the traffic (if OPC=="Source PC" then the 
message is outbound).  I think when it was introduced we had some 
discussion about moving (or copying?) that preference down to the MTP3 
dissector but I forget what happened with that (it wasn't implemented
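
The conversion step described in the thread (a dump taken from the SS7 stack, rewritten as a pcap file whose link type marks it as MTP2 or MTP3), as an added example that is not code from the thread or from mBalance's Perl script. It is written in Python, and the text dump format and the sample bytes are assumptions constructed for illustration.

```python
import io
import struct

# pcap link-layer type numbers; the thread's WTAP_ENCAP_MTP2 / WTAP_ENCAP_MTP3
# are the names for these encapsulations inside Ethereal.
LINKTYPE_MTP2, LINKTYPE_MTP3 = 140, 141
PCAP_MAGIC = 0xA1B2C3D4  # microsecond-resolution pcap

# Constructed sample, not a real trace. Assumed dump format, one signal unit
# per line: "<epoch seconds>.<microseconds> <hex bytes>".
SAMPLE_DUMP = """\
# time            MTP3 payload (starts at the SIO octet)
1089843356.250000 85 01 40 00 20 01 00 10 00
1089843356.900000 85 02 80 00 10 01 00 10 00
"""

def parse_dump(text):
    """Yield (sec, usec, payload) for every non-comment line of the dump."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        stamp, _, hexpart = line.partition(" ")
        sec, _, frac = stamp.partition(".")
        try:
            # Parse the fraction as text so no float rounding reaches the file.
            yield int(sec), int((frac + "000000")[:6]), bytes.fromhex(hexpart)
        except ValueError as exc:
            raise ValueError(f"dump line {n}: {exc}") from None

def convert(text, linktype=LINKTYPE_MTP3, snaplen=65535):
    """Return the bytes of a pcap file holding the dump's signal units."""
    out = io.BytesIO()
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype.
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for sec, usec, payload in parse_dump(text):
        kept = payload[:snaplen]
        # Record header: ts_sec, ts_usec, captured length, original length.
        out.write(struct.pack("<IIII", sec, usec, len(kept), len(payload)))
        out.write(kept)
    return out.getvalue()

def read_pcap(data):
    """Minimal reader to check the output: returns (linktype, [(sec, usec, bytes)])."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    off, packets = 24, []
    while off < len(data):
        sec, usec, incl, _ = struct.unpack_from("<IIII", data, off)
        packets.append((sec, usec, data[off + 16:off + 16 + incl]))
        off += 16 + incl
    return linktype, packets
```

Writing the return value of `convert()` to a file in binary mode gives a capture that opens with the MTP3 dissector; pass `LINKTYPE_MTP2` instead when the tap point delivers signal units that still carry the MTP2 header in front of the SIO.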