Wireshark-users: Re: [Wireshark-users] Gr Interface
Date: Tue, 27 Feb 2007 11:53:54 +0100
Hello Joseph,

Sorry for the delay.
As Anders said, you can have a look at the wiki.
The boards integrated with the PCAP library can be used under several OSs
(libpcap for Unix, WinPcap for Windows) to do realtime monitoring.
In any case, I suggest you use the latest PCAP library; there are a lot of
changes concerning SS7.

Regards
Florent



"Anders Broman (AL/EAB)" <[email protected]>
Sent by: [email protected]
26/02/2007 11:44
Please respond to Community support list for Wireshark

To: "Community support list for Wireshark" <[email protected]>
cc:
Subject: Re: [Wireshark-users] Gr Interface




Hi,
You can find some information on SS7 capture here
http://wiki.wireshark.org/CaptureSetup/SS7
Best regards
Anders

________________________________

From: [email protected] on behalf of Cortes, Joseph
Sent: Mon 2007-02-26 10:52
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Gr Interface



Florent,

Are you by any chance capturing SS7 directly using Wireshark?

If so, what hardware (SS7 card) are you using, OS, etc.?

Thanks

Joe



If you have any questions or comments please let me know.

Kind Regards

Joseph Cortes

Joseph Cortes
Wireless Department

Gibtelecom
P.O. Box 929
Suite 942 Europort
Gibraltar

Tel: +350 52211
GSM: +350 57003000
Fax: +350 57003500
Email: [email protected]
Web: www.gibtele.com

STANDARD EMAIL DISCLAIMER FOLLOWS FOR LEGAL REASONS:
This electronic message contains information from GIBTELECOM which may
be privileged or confidential. The information is intended to be for the
use of the individual(s) or entity named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited. If you have
received this electronic message in error please notify us by telephone
or e-mail (to the number or address above) and delete it

Viruses: Although our Company attempts to sweep e-mail and attachments
for viruses, it does not guarantee that either are virus-free and
accepts no liability for any damage sustained as a result of viruses


-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of
[email protected]
Sent: 23 February 2007 13:04
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Gr Interface


      Joseph,


You could add your utility in the tools section of the wireshark wiki
http://wiki.wireshark.org/Tools

The datalink value for MTP2 is 140, so as the datalink already exists,
you do not need to use a User Datalink.
The datalink values are stored in wiretap/libpcap.c, or in the
libpcap sources.

Regards
Florent


"Cortes, Joseph" <[email protected]>
Sent by: [email protected]
23/02/2007 12:11
Please respond to Community support list for Wireshark

To: "Community support list for Wireshark" <[email protected]>
cc:
Subject: Re: [Wireshark-users] Gr Interface

Florent,

I already realised that. I have actually written a small utility to
overcome this, i.e. to convert from hex text to Wireshark pcap in one go.

Where can I post this for other users with this problem?

One small question: why did you specify -l 140? Does this indicate MTP2?
I am using -l 147 and then setting the payload to MTP2 under one of the
DLT user settings for 147.

Joe







-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of
[email protected]
Sent: 22 February 2007 17:14
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Gr Interface



      Hello,


You have to modify your test file to add an "ascii dump" at the end of
each line, and to remove the lines containing a description
(see the attached text file).
Then you will have to convert the file with:
text2pcap -l 140 hex2.txt hex2.cap

The link layer for Gr interface is MTP2.

(See attached file: hex2.txt)(See attached file: hex2.cap)

Regards
Florent


"Cortes, Joseph" <[email protected]>
Sent by: [email protected]
22/02/2007 12:33
Please respond to Community support list for Wireshark

To: <[email protected]>, <[email protected]>
cc:
Subject: [Wireshark-users] Gr Interface

Hi,

Totally new to the Wireshark product:

I've captured the following on the Gr interface, i.e. between the SGSN and
the HLR, on a Nettest MPA 7300 and saved the capture as hex only (file
attached).

I've tried text2pcap -l 147 hex.txt hex.cap (not sure if this is what
I should be doing); this creates the hex.cap file.

C:\Programs\Wireshark>text2pcap -l 147 hex.txt hex.cap
Input from: hex.txt
Output to: hex.cap
Wrote packet of 15 bytes at 0
Wrote packet of 15 bytes at 15
Wrote packet of 15 bytes at 30
Wrote packet of 15 bytes at 45
Wrote packet of 15 bytes at 60
Wrote packet of 15 bytes at 75
Read 6 potential packets, wrote 6 packets


I open this file with Wireshark, then under DLT user A I select the DLT=147
and the payload as gsm_map, but I get

"DLT User A: No such proto: gsm_map"

How do I go about decoding this file?

Thanks

Joe






 (See attached file: HEX.TXT)
_______________________________________________
Wireshark-users mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-users




(See attached file: winmail.dat)
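
The conversion discussed in this thread, as an added Python illustration that is not part of the original messages and is not Joseph's utility or text2pcap itself: it turns hex-only lines into a pcap file whose link-layer type is 140 (MTP2), skipping description lines. The input layout (one frame per line of space-separated hex bytes), the sample bytes, the placeholder timestamps and all function names are assumptions.

```python
import re
import struct

LINKTYPE_MTP2 = 140        # link-layer type the thread gives for MTP2
PCAP_MAGIC = 0xA1B2C3D4    # classic pcap, microsecond timestamps
HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")

# Constructed sample, not a real capture: one frame per line of hex bytes,
# with description lines in between (assumed layout of a hex-only export).
SAMPLE = """\
Frame 1 (description line)
81 82 0f 83 01 02 03 04 05 06 07 08 09 0a 0b
Frame 2 (description line)
83 84 0f 83 11 12 13 14 15 16 17 18 19 1a 1b
"""

def parse_hex_lines(text):
    """Return one bytes object per line made up only of two-digit hex bytes."""
    frames = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens and all(HEX_BYTE.fullmatch(t) for t in tokens):
            frames.append(bytes.fromhex("".join(tokens)))
    return frames

def build_pcap(frames, linktype=LINKTYPE_MTP2, snaplen=65535):
    """Serialize frames as a little-endian pcap file with the given link type."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for seconds, frame in enumerate(frames):  # placeholder timestamps 0, 1, ...
        out += struct.pack("<IIII", seconds, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(blob):
    """Parse a pcap blob back into (linktype, frames), rejecting truncation."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", blob, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    frames, offset = [], 24
    while offset < len(blob):
        _, _, incl_len, _ = struct.unpack_from("<IIII", blob, offset)
        offset += 16
        if offset + incl_len > len(blob):
            raise ValueError("truncated packet record")
        frames.append(blob[offset:offset + incl_len])
        offset += incl_len
    return linktype, frames

if __name__ == "__main__":
    pcap = build_pcap(parse_hex_lines(SAMPLE))
    print(read_pcap(pcap)[0], len(pcap))
```

Because the link type is written into the file header, a file built this way needs no DLT user setting when it is opened.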