Wireshark-dev: Re: [Wireshark-dev] Tools to anonymize pcaps with cellular/3gpp traffic

From: "Darien Spencer" <cusneud@xxxxxxxx>
Date: Wed, 7 Jun 2017 22:12:11 +0200

Hi Jasper,
 
For references take a look at https://pcapr.net/
There are some RANAP/BSSAP/DTAP/GSM MAP pcaps publicly available there
 
Good luck
Darien

From: Jasper Bongertz <jasper@xxxxxxxxxxxxxx>
Date: 2017-06-07 12:38 GMT-07:00
Subject: Re: [Wireshark-dev] Tools to anonymize pcaps with cellular/3gpp traffic
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
 
...

The main point for me to implement protocols on top of L4 is if I can
get sample PCAPs and documentation on how to parse and rebuild them.
With those telecommunication protocols it seems to be one of the
classic deadlock situations: I need a PCAP to see how to sanitize it,
but nobody can share it without some sanitization first - and no, just
coding stuff based on protocol specs isn't working (probably because I'm
not a coder. I'm a network analyst that can write some sort of strange
code) :-)

> I am not looking for something particularly advanced: zeroing mcc
> and mnc (both in imsi and in cell/location information) should be
> enough, even without checksum updating.


Let me tell you, it may not sound advanced, but it is ;-)

Anyway, if you can get me PCAPs and Specs for the stuff on top of
TCP/UDP I can see what I can do. That's basically what happened for
RTPS (I thought it was simple, because it's on top of UDP... and then
IP reassembly was like 16 tons coming down on me just when I thought I
was done) :-)

> The goal is to easily share some pcaps without changing them with a hex editor by hand
That's the main reason why I started writing TraceWrangler ;-)

Cheers,
Jasper
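
The field-level edit asked for in the quoted message (zeroing MCC and MNC in an IMSI and in cell/location information), as an added example that is not part of the thread and not TraceWrangler code. It assumes the IMSI is a plain TBCD string as carried in GSM MAP and that the location field uses the 3-octet PLMN identity layout; function names are hypothetical, sample bytes are constructed, and checksums are left untouched.

```python
# Added illustration; sample bytes below are constructed (test PLMN 001/01).

def tbcd_decode(data: bytes) -> str:
    """TBCD: low nibble holds the earlier digit; 0xF pads an odd digit count."""
    nibbles = [n for octet in data for n in (octet & 0x0F, octet >> 4)]
    if nibbles and nibbles[-1] == 0x0F:
        nibbles.pop()
    if any(n > 9 for n in nibbles):
        raise ValueError("not a decimal TBCD string")
    return "".join(str(n) for n in nibbles)


def tbcd_encode(digits: str) -> bytes:
    nibbles = [int(d) for d in digits]
    if len(nibbles) % 2:
        nibbles.append(0x0F)
    return bytes(lo | (hi << 4) for lo, hi in zip(nibbles[::2], nibbles[1::2]))


def zero_imsi_plmn(imsi_tbcd: bytes, mnc_len: int = 2) -> bytes:
    """Zero MCC (3 digits) and MNC, keeping the MSIN and the field length.

    The IMSI bytes do not say whether the MNC has 2 or 3 digits, so the
    caller must supply mnc_len (assumption: known from the network).
    """
    if mnc_len not in (2, 3):
        raise ValueError("MNC is 2 or 3 digits")
    digits = tbcd_decode(imsi_tbcd)
    prefix = 3 + mnc_len
    if len(digits) <= prefix:
        raise ValueError("IMSI too short")
    return tbcd_encode("0" * prefix + digits[prefix:])


def zero_plmn_id(plmn: bytes) -> bytes:
    """Zero the 3-octet PLMN identity found in location/cell fields.

    Octet 2's high nibble is MNC digit 3, or 0xF for a 2-digit MNC; that
    filler is kept so the field still decodes with the same MNC length.
    """
    if len(plmn) != 3:
        raise ValueError("PLMN identity is 3 octets")
    return bytes([0x00, 0xF0 if plmn[1] >> 4 == 0x0F else 0x00, 0x00])


if __name__ == "__main__":
    imsi = bytes.fromhex("00010121436587f9")   # constructed: 001010123456789
    print(zero_imsi_plmn(imsi).hex())
    print(zero_plmn_id(bytes.fromhex("00f110")).hex())
```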
