Wireshark-users: Re: [Wireshark-users] Gr Interface
From: "Cortes, Joseph" <[email protected]>
Date: Mon, 26 Feb 2007 10:52:30 +0100
Florent,

Are you by any chance capturing ss7 directly using Wireshark?

If so what hardware (ss7 card are you using, OS, etc...)

Thanks

Joe

 

If you have any questions or comments please let me know.
 
Kind Regards
 
Joseph Cortes
 
Current Date & Time in Gibraltar
 
Joseph Cortes
Wireless Department
 
Gibtelecom 
P.O. Box 929
Suite 942 Europort
Gibraltar
 
Tel: +350 52211
GSM: +350 57003000
Fax: +350 57003500
Email: [email protected]
Web: www.gibtele.com
 
STANDARD EMAIL DISCLAIMER FOLLOWS FOR LEGAL REASONS: 
This electronic message contains information from GIBTELECOM which may
be privileged or confidential. The information is intended to be for the
use of the individual(s) or entity named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited. If you have
received this electronic message in error please notify us by telephone
or e-mail (to the number or address above) and delete it
 
Viruses: Although our Company attempts to sweep e-mail and attachments
for viruses, it does not guarantee that either are virus-free and
accepts no liability for any damage sustained as a result of viruses
 

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of
[email protected]
Sent: 23 February 2007 13:04
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Gr Interface


      Joseph,


You could add your utility in the tools section of the wireshark wiki
http://wiki.wireshark.org/Tools

The datalink value for MTP2 is 140, so as the datalink is already
existing,
you do not need to use a User Datalink.
The value of the datalink are stored in wiretap/libpcap.c, or in the
libpcap sources.

Regards
Florent



 

                      "Cortes, Joseph"

                      <[email protected]         To:
"Community support list for Wireshark"                          
                      >
<[email protected]>

                      Sent by:                           cc:

                      [email protected]         Subject: Re:
[Wireshark-users] Gr Interface                              
                      reshark.org

 

 

                      23/02/2007 12:11

                      Please respond to

                      Community support list for

                      Wireshark

 





Florent,

I already realised that, I have actually written a small utility to ever
come this i.e. to convert from hex text to Wireshark pcap in one go.

Where can I post this for other users with this problem?

One small question why did you specify -l 140 ? Does this indicate MTP2,
I am using -l 147 and then setting the payload to MTP2 under one of the
DLT user settings for 147.

Joe





If you have any questions or comments please let me know.

Kind Regards

Joseph Cortes

Current Date & Time in Gibraltar

Joseph Cortes
Wireless Department

Gibtelecom
P.O. Box 929
Suite 942 Europort
Gibraltar

Tel: +350 52211
GSM: +350 57003000
Fax: +350 57003500
Email: [email protected]
Web: www.gibtele.com

STANDARD EMAIL DISCLAIMER FOLLOWS FOR LEGAL REASONS:
This electronic message contains information from GIBTELECOM which may
be privileged or confidential. The information is intended to be for the
use of the individual(s) or entity named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited. If you have
received this electronic message in error please notify us by telephone
or e-mail (to the number or address above) and delete it

Viruses: Although our Company attempts to sweep e-mail and attachments
for viruses, it does not guarantee that either are virus-free and
accepts no liability for any damage sustained as a result of viruses


-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of
[email protected]
Sent: 22 February 2007 17:14
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Gr Interface



      Hello,


You have to modify your test file to add an "ascii dump" at each end of
line, and to remove the lines containing a description
(see the attached text file).
Then you will have to convert the file with:
text2pcap -l 140 hex2.txt hex2.cap

The link layer for Gr interface is MTP2.

(See attached file: hex2.txt)(See attached file: hex2.cap)

Regards
Florent




                      "Cortes, Joseph"

                      <[email protected]         To:
<[email protected]>, <[email protected]>
                      >                                  cc:

                      Sent by:                           Subject:
[Wireshark-users] Gr Interface
                      [email protected]

                      reshark.org





                      22/02/2007 12:33

                      Please respond to

                      Community support list for

                      Wireshark







Hi,

Totally new to the wireshark product:

I've captured the following on the Gr interface i.e. between the SGSN
and
the HLR on a Nettest MPA 7300 and save the capture as hex only. (file
attached)

I've tried the text2pcap ? l 147 hex.txt hex.cap ( Not sure if this is
what
I should be doing) this creates the hex.cap file.

C:\Programs\Wireshark>text2pcap -l 147 hex.txt hex.cap
Input from: hex.txt
Output to: hex.cap
Wrote packet of 15 bytes at 0
Wrote packet of 15 bytes at 15
Wrote packet of 15 bytes at 30
Wrote packet of 15 bytes at 45
Wrote packet of 15 bytes at 60
Wrote packet of 15 bytes at 75
Read 6 potential packets, wrote 6 packets


I open this file with wireshark, then under DLT user A I select the
DLT=147
and the payload as gsm_map but I get

"DLT User A: No such proto: gsm_map"

How do I go about to decode this file??

Thanks

Joe





If you have any questions or comments please let me know.

Kind Regards

Joseph Cortes

Current Date & Time in Gibraltar

Joseph Cortes
Wireless Department

Gibtelecom
P.O. Box 929
Suite 942 Europort
Gibraltar

Tel: +350 52211
GSM: +350 57003000
Fax: +350 57003500
Email: [email protected]
Web: www.gibtele.com

STANDARD EMAIL DISCLAIMER FOLLOWS FOR LEGAL REASONS:
This electronic message contains information from GIBTELECOM which may
be
privileged or confidential. The information is intended to be for the
use
of the individual(s) or entity named above. If you are not the intended
recipient, be aware that any disclosure, copying, distribution or use of
the contents of this information is prohibited. If you have received
this
electronic message in error please notify us by telephone or e-mail (to
the
number or address above) and delete it

Viruses: Although our Company attempts to sweep e-mail and attachments
for
viruses, it does not guarantee that either are virus-free and accepts no
liability for any damage sustained as a result of viruses

 (See attached file: HEX.TXT)
_______________________________________________
Wireshark-users mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-users


_______________________________________________
Wireshark-users mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-users




_______________________________________________
Wireshark-users mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-users