Wireshark-dev: Re: [Wireshark-dev] Tools to anonymize pcaps with cellular/3gpp traffic

From: Michael Sukhar <msukhar@xxxxxxxxxxx>
Date: Wed, 7 Jun 2017 16:26:03 -0700
Jasper Bongertz said:

> Is there any tool which sanitizes information carried on "3gpp"
> protocols (ranap, bssap, gsm_a dtap, gsm_map, sgsap...) or, at least,
> on some of them?

Not that I know of - mostly because few care about real sanitization
(most tools are "patching" tools), and nobody so far touches
applications on L5 and higher in a useful way (meaning, not simply
zeroing or randomizing everything)…

—————————
The answer is correct for FOS. If one steps out of FOS domain, the story is different. WireEdit is not open source, but free to download and use and allows editing the complete GSM MAP stack, the one of the most complex mobile core stacks. One could edit any field at any layer: GSM SM-TP, GSM MAP R4, TCAP, SCCP, M3UA, SCTP, IPv4. In fact one could easily change the text message riding at the top of the stack (SM-TP) by simply typing a new one.

Thanks,
Michael Sukhar,
CTO, Omnipacket