Ethereal-users: Re: [Ethereal-users] GSM protocol?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Fri, 16 Jul 2004 15:22:16 -0700 (PDT)
Guy Harris said:
> What's the detailed file format of the log file?
>
> That might require that a new link-layer encapsulation type for the
> lowest-layer protocol be added to the list of encapsulation types in
> "wiretap/wtap.h".
>
> You might then have to add dissectors for the lowest-layer protocol and
> any protocols above it for which Ethereal doesn't already have dissectors.
> I'm not sufficiently familiar with GSM to know what the lowest-layer
> protocol would be.

Well, some Googling found pages that indicated that:

    the air link between mobiles and base stations has a number of logical
    channels running atop a TDMA scheme providing multiple physical
    channels;

    some of those channels run LAPDm and other protocols atop that - I
    assume at least some of the other channels might not (e.g., do the
    voice channels just send digitized voice without LAPDm?);

    the link between the BTS and BSC (are those co-located at the base
    station?) runs LAPD over some physical-layer link;

    the link between the BSC and the MSC runs "MTP" (is that one or more
    of SS7's MTP layers, e.g. MTP2?) over some physical-layer link.

So what Ethereal would do would depend on which of those protocol stacks
is in the log file, and whether, if it's the mobile <-> base station link
(Um interface), it contains:

    packets tagged with the particular TDMA physical channel they're on;

    packets tagged with the particular logical channel they're on;

    only LAPDm-based signalling traffic;

    or something else.

If it's the BTS <-> BSC link (Abis interface), then, if it contains only
one channel running LAPD, a WTAP_ENCAP_LAPD encapsulation type would be
added (or perhaps just brought back from the dead, before we changed to
doing ISDN as WTAP_ENCAP_ISDN, with packets identified by the ISDN
channel), the LAPD dissector set up to dissect it, and some mechanism for
identifying the protocol running atop LAPD and added dissectors, if
necessary, for it.  Otherwise, we'd need to know how it's structured in
the log file.

If it's the BSC <=> MSC link (A interface), then, if it contains only one
channel with MTP2 traffic, you could use WTAP_ENCAP_MTP2, and if it
contains only one channel with MTP3 traffic, you could use
WTAP_ENCAP_MTP3.  Otherwise, we'd need to know how it's structured in the
log file.