Wireshark-users: Re: [Wireshark-users] Gr Interface

From: "Cortes, Joseph" <joseph.cortes@xxxxxxxxxxx>
Date: Fri, 2 Mar 2007 14:22:20 +0100
Florent,

Thanks for the info; I already have a price for the card and pod and will most probably be getting it.

I am fairly conversant with Linux. Can you please send me some instructions on how to get this going? What particular distro do you recommend?

Joe

 

If you have any questions or comments please let me know.
 
Kind Regards
 
Joseph Cortes
 
Current Date & Time in Gibraltar
 
Joseph Cortes
Wireless Department
 
Gibtelecom 
P.O. Box 929
Suite 942 Europort
Gibraltar
 
Tel: +350 52211
GSM: +350 57003000
Fax: +350 57003500
Email: joseph.cortes@xxxxxxxxxxx
Web: www.gibtele.com
 
STANDARD EMAIL DISCLAIMER FOLLOWS FOR LEGAL REASONS: 
This electronic message contains information from GIBTELECOM which may be privileged or confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic message in error please notify us by telephone or e-mail (to the number or address above) and delete it
 
Viruses: Although our Company attempts to sweep e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses
 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Florent.Drouin@xxxxxxxxxxxxxxxxx
Sent: 01 March 2007 15:54
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Gr Interface


Hello,

I will just complete the answers of Anders.
For each of the three board manufacturers referenced in the capture/SS7
wiki, a Web site link is available.
You can have a look at the distributors list on the Web site; I think all
of them have resellers in Europe.
But I think you should first contact sales and request a quotation
and/or additional information, to be sure this is the system you are
expecting.

For my part, I have got an Endace DAG37T board on a Linux PC to monitor the
target system.
The board can monitor 8 E1/T1 duplex (8 ports for RX and 8 ports for TX on
the external 16-port Pod)
(see http://www.endace.com/dag3.7T.htm).
To set up the system, you have to compile the Linux kernel and integrate
a specific module for the board.
Then you will have to compile the last libpcap to integrate the specific
API for the board.
And finally, you will have to compile the last version of Wireshark (or at
least 99.5) to link to your private libpcap.

For the connections, you have to use Y cables (or better, E1/T1 Tap), because
the system is not working in loop mode.
Once the monitoring system is installed and configured, you can capture and
analyze in real time the traffic on the E1/T1 links with Wireshark.

Best regards.
Florent



                                                                                                                                  
From: "Anders Broman" <a.broman@xxxxxxxxx>
Sent by: wireshark-users-bounces@wireshark.org
Date: 01/03/2007 14:11
Please respond to: Community support list for Wireshark
To: "'Community support list for Wireshark'" <wireshark-users@xxxxxxxxxxxxx>
cc:
Subject: Re: [Wireshark-users] Gr Interface




Hi,
Following the "endance" link on the wiki gives
http://www.endace.com/contact.htm. I'm sure Intel will have the same type of
info. I have no experience of these cards myself.
Best regards
Anders


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Cortes, Joseph
Sent: 1 March 2007 11:15
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Gr Interface

Florent / Anders,

Thanks for the info,

Any idea where I can purchase these cards in Europe?

Thanks

Joe





-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
Florent.Drouin@xxxxxxxxxxxxxxxxx
Sent: 27 February 2007 11:54
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Gr Interface



      Hello Joseph,


Sorry for the delay.
As Anders said, you can have a look at the wiki.
The boards integrated with the PCAP library can be used under several OSs
(libpcap for Unix, WinPcap for Windows) to do real-time monitoring.
In any case, I suggest you use the last PCAP library; there are a lot of
changes concerning SS7.

Regards
Florent





From: "Anders Broman (AL/EAB)" <anders.broman@xxxxxxxxxxxm>
Sent by: wireshark-users-bounces@wireshark.org
Date: 26/02/2007 11:44
Please respond to: Community support list for Wireshark
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
cc:
Subject: Re: [Wireshark-users] Gr Interface







Hi,
You can find some information on SS7 capture here
http://wiki.wireshark.org/CaptureSetup/SS7
Best regards
Anders

________________________________

From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of Cortes, Joseph
Sent: Mon 2007-02-26 10:52
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Gr Interface



Florent,

Are you by any chance capturing SS7 directly using Wireshark?

If so, what hardware (SS7 card) are you using, OS, etc.?

Thanks

Joe





-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
Florent.Drouin@xxxxxxxxxxxxxxxxx
Sent: 23 February 2007 13:04
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Gr Interface


      Joseph,


You could add your utility in the tools section of the wireshark wiki
http://wiki.wireshark.org/Tools

The datalink value for MTP2 is 140, so as the datalink already exists,
you do not need to use a User Datalink.
The values of the datalink are stored in wiretap/libpcap.c, or in the
libpcap sources.

Regards
Florent





From: "Cortes, Joseph" <joseph.cortes@xxxxxxxxxxx>
Sent by: wireshark-users-bounces@wireshark.org
Date: 23/02/2007 12:11
Please respond to: Community support list for Wireshark
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
cc:
Subject: Re: [Wireshark-users] Gr Interface







Florent,

I already realised that. I have actually written a small utility to
overcome this, i.e. to convert from hex text to Wireshark pcap in one go.

Where can I post this for other users with this problem?

One small question: why did you specify -l 140? Does this indicate MTP2?
I am using -l 147 and then setting the payload to MTP2 under one of the
DLT user settings for 147.

Joe







-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
Florent.Drouin@xxxxxxxxxxxxxxxxx
Sent: 22 February 2007 17:14
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Gr Interface



      Hello,


You have to modify your test file to add an "ascii dump" at each end of
line, and to remove the lines containing a description
(see the attached text file).
Then you will have to convert the file with:
text2pcap -l 140 hex2.txt hex2.cap

The link layer for Gr interface is MTP2.

(See attached file: hex2.txt)(See attached file: hex2.cap)

Regards
Florent




From: "Cortes, Joseph" <joseph.cortes@xxxxxxxxxxx>
Sent by: wireshark-users-bounces@wireshark.org
Date: 22/02/2007 12:33
Please respond to: Community support list for Wireshark
To: <wireshark-users@xxxxxxxxxxxxx>, <wireshark-dev@xxxxxxxxxxxxx>
cc:
Subject: [Wireshark-users] Gr Interface







Hi,

Totally new to the wireshark product:

I've captured the following on the Gr interface, i.e. between the SGSN and
the HLR, on a Nettest MPA 7300 and saved the capture as hex only (file
attached).

I've tried text2pcap -l 147 hex.txt hex.cap (not sure if this is what
I should be doing); this creates the hex.cap file.

C:\Programs\Wireshark>text2pcap -l 147 hex.txt hex.cap
Input from: hex.txt
Output to: hex.cap
Wrote packet of 15 bytes at 0
Wrote packet of 15 bytes at 15
Wrote packet of 15 bytes at 30
Wrote packet of 15 bytes at 45
Wrote packet of 15 bytes at 60
Wrote packet of 15 bytes at 75
Read 6 potential packets, wrote 6 packets


I open this file with Wireshark, then under DLT user A I select the DLT=147
and the payload as gsm_map, but I get

"DLT User A: No such proto: gsm_map"

How do I go about decoding this file?

Thanks

Joe






 (See attached file: HEX.TXT)
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
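
Added example, not part of the original thread and not the utility Joseph mentions: a Python sketch of converting hex text to a pcap file in one go, writing link-layer type 140 (MTP2) into the pcap header as Florent recommends instead of the user value 147. The input layout (one frame per hex-only line, description lines skipped), the sample frames and the synthetic one-second timestamps are assumptions made for illustration.

```python
import re
import struct

LINKTYPE_MTP2 = 140   # value used with "text2pcap -l 140" in the thread
LINKTYPE_USER0 = 147  # value used with "-l 147" in the original question
PCAP_MAGIC = 0xA1B2C3D4
HEX_OCTET = re.compile(r"[0-9A-Fa-f]{2}")

# Constructed sample export: description lines mixed with hex-only lines.
SAMPLE = """\
Frame 1 (constructed FISU)
FF FF 00
Frame 2 (constructed LSSU)
FF FF 01 00
"""

def parse_hex_lines(text):
    """Return one frame per line made up only of two-digit hex octets."""
    frames = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens and all(HEX_OCTET.fullmatch(t) for t in tokens):
            frames.append(bytes.fromhex("".join(tokens)))
    return frames

def build_pcap(frames, linktype=LINKTYPE_MTP2, snaplen=65535):
    """Serialise frames as a little-endian classic pcap file."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype.
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for seconds, frame in enumerate(frames):
        if len(frame) > snaplen:
            raise ValueError("frame longer than snaplen")
        # Record header: ts_sec (synthetic), ts_usec, captured and original length.
        out += struct.pack("<IIII", seconds, 0, len(frame), len(frame))
        out += frame
    return bytes(out)

def read_pcap(data):
    """Parse the file back; return (linktype, frames) and reject bad input."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    linktype = struct.unpack_from("<I", data, 20)[0]
    frames, pos = [], 24
    while pos < len(data):
        if pos + 16 > len(data):
            raise ValueError("truncated record header")
        caplen = struct.unpack_from("<I", data, pos + 8)[0]
        if pos + 16 + caplen > len(data):
            raise ValueError("truncated record body")
        frames.append(data[pos + 16:pos + 16 + caplen])
        pos += 16 + caplen
    return linktype, frames
```

Writing `build_pcap(parse_hex_lines(text))` to a file in binary mode gives a capture that opens with the MTP2 link type already set, so no DLT User preference is needed.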

