Ethereal-users: Re: [Ethereal-users] GSM/GPRS Traffic

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 14 Jun 2005 11:18:36 -0700
Y Z wrote:

> 1. Can anyone give any info on which interface to capture and which application to run so I would be able to use ethereal to get GSM/GPRS traffic with their respective associated protocols?

There currently aren't any interfaces on which you could capture those. The only GPRS traffic you could capture would be, for example, PPP traffic running over GPRS, but it'd look like PPP traffic - you wouldn't see the GSM/GPRS protocol layers.

On UN*X, Ethereal uses libpcap to capture traffic; libpcap normally uses the OS's packet capture mechanism, which is typically oriented towards LANs and, to a lesser degree, WANs. On Windows, it uses WinPcap, including the WinPcap driver, which plugs into NDIS, which is also LAN-oriented. At the networking stack layer, those capture mechanisms would plug into a GSM/GPRS device at the PPP layer, running above GPRS.

> Do I have to connect to GSM/GPRS equipment interface and run special software application?

It might be possible to run some special application that can capture "raw" GSM traffic and save it to a file, although you'd then have to modify Ethereal to read the files it saved. You would have to ask the supplier of the GSM/GPRS equipment if any such software is available.

It might also be possible to modify libpcap/WinPcap to support connecting to GSM/GPRS equipment, if the interface to that equipment is public or can be reverse-engineered.

> I also notice ethereal has statistics function on GSM and GPRS showing GPRS session and mobility management. May I know how to get these info when capturing with ethereal?

Ethereal handles many protocols that it doesn't capture as raw traffic; I think the GPRS traffic is handled when it's run atop some other protocols, e.g. some sort of tunneling over, say, UDP.

> 2. This is slightly off topic, but I'd appreciate it if anyone can explain the difference between ethereal and the tcptrace program in producing statistics of a capture. Just for example, I had compared graphs generated by ethereal on TCP segments (Stevens style) and the one that tcptrace produces. Overall they look the same, but in detail they are not, especially on retransmitted packets and out-of-order packets.

I'd probably explain it by "the code was written by different people". If you could send to the list a description of the differences you're seeing, we might be able to figure out whether they're just stylistic differences or bugs.
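To illustrate the point about retransmission and out-of-order counts differing between tools, here is an added example (not code from the original thread, from Ethereal or from tcptrace). It runs two constructed labelling heuristics over the same small TCP stream: one distinguishes a late segment whose bytes were already seen (a retransmission) from one that fills an earlier gap (out-of-order), the other counts every late segment as a retransmission. Neither is claimed to be the actual rule used by Ethereal or tcptrace; they are assumptions chosen to show how the same capture yields different statistics depending on who wrote the classifier. The sample segments and timestamps are constructed.

```python
"""Two constructed heuristics for labelling TCP segments in a capture.

Both see the same segments; they disagree only on how a segment that
arrives "late" (sequence number below what we already expected) is named.
Neither reproduces Ethereal's or tcptrace's real logic (assumption).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Segment:
    seq: int     # sequence number of the first payload byte
    length: int  # payload length in bytes
    ts: float    # capture timestamp in seconds (constructed)


@dataclass
class FlowState:
    next_seq: Optional[int] = None                             # highest end-of-data seen so far
    seen: List[Tuple[int, int]] = field(default_factory=list)  # [start, end) byte ranges delivered


def _covered(st: FlowState, start: int, end: int) -> bool:
    """True if every byte in [start, end) was already carried by an earlier segment."""
    return any(a <= start and end <= b for a, b in st.seen)


def classify_with_coverage(segments: List[Segment]) -> List[str]:
    """Heuristic A: a late segment is a retransmission only if its bytes were
    already seen; otherwise it is out-of-order (it fills an earlier gap)."""
    st = FlowState()
    labels = []
    for s in segments:
        end = s.seq + s.length
        if st.next_seq is None or s.seq == st.next_seq:
            label = "in-order"
        elif s.seq > st.next_seq:
            label = "gap"            # bytes between next_seq and s.seq not seen yet
        elif _covered(st, s.seq, end):
            label = "retransmission"
        else:
            label = "out-of-order"
        st.seen.append((s.seq, end))
        st.next_seq = end if st.next_seq is None else max(st.next_seq, end)
        labels.append(label)
    return labels


def classify_simple(segments: List[Segment]) -> List[str]:
    """Heuristic B: any segment whose sequence number is below the highest
    byte already seen counts as a retransmission; there is no out-of-order class."""
    next_seq: Optional[int] = None
    labels = []
    for s in segments:
        end = s.seq + s.length
        if next_seq is None or s.seq == next_seq:
            label = "in-order"
        elif s.seq > next_seq:
            label = "gap"
        else:
            label = "retransmission"
        next_seq = end if next_seq is None else max(next_seq, end)
        labels.append(label)
    return labels


# Constructed one-direction TCP stream: the segment at seq 201 overtakes the one
# at seq 101 in the capture (reordering), and seq 301 is later sent a second
# time (a genuine retransmission).
SAMPLE = [
    Segment(seq=1,   length=100, ts=0.000),
    Segment(seq=201, length=100, ts=0.010),
    Segment(seq=101, length=100, ts=0.020),
    Segment(seq=301, length=100, ts=0.030),
    Segment(seq=301, length=100, ts=0.250),
    Segment(seq=401, length=100, ts=0.260),
]


def count(labels: List[str]) -> Dict[str, int]:
    """Summarise how many segments a heuristic put in each class."""
    out: Dict[str, int] = {}
    for label in labels:
        out[label] = out.get(label, 0) + 1
    return out


if __name__ == "__main__":
    for name, fn in (("coverage", classify_with_coverage), ("simple", classify_simple)):
        print(f"{name:9s} {count(fn(SAMPLE))}")
```

Run stand-alone, the script shows heuristic A reporting one retransmission and one out-of-order segment, while heuristic B reports two retransmissions for the identical input; a graph built from either set of counts would "overall look the same" but differ exactly in the retransmitted and out-of-order markers, which is the kind of discrepancy worth describing to the list before calling it a bug.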