Showing posts with label sigtran. Show all posts

Wednesday, February 4, 2009

some more on camel and wireshark

So here is what we did to trace Camel over Sigtran with Wireshark. As I mentioned in my previous post, we connected a dedicated Linux ‘sniffer’ machine to a port on a switch with port mirroring enabled for the Sigtran port. If you plan to run the traces from a Windows machine, install an X server; Xming Server was recommended to me. Then enable SSH X11 forwarding in your PuTTY session, log in to the machine, type wireshark, choose the appropriate interface to capture on, and you are ready to go.
For me the capture did not decode the packets at first: all I got were SCTP packets and the trace did not go beyond that. To get the capture to decode Camel I had to change some protocol settings in the preferences window (Edit->Preferences). First, M3UA Version was changed to RFC 3332, then Camel TCAP SSN was changed to 146. After applying the changes, the capture properly decoded Camel packets.
Example of initialDPSMS packet:

No. Time Source Destination Protocol Info
324 2009-01-30 17:52:21.464283 2660 3406 Camel invoke initialDPSMS

Frame 324 (278 bytes on wire, 278 bytes captured)
Ethernet II, Src: HuaweiTe_db:c8:e8 (00:e0:fc:db:c8:e8), Dst: HuaweiTe_db:d2:7b (00:e0:fc:db:d2:7b)
Internet Protocol, Src: 10.10.100.17 (10.10.100.17), Dst: 10.10.100.16 (10.10.100.16)
Stream Control Transmission Protocol, Src Port: 4010 (4010), Dst Port: 4000 (4000)
MTP 2 User Adaptation Layer
Message Transfer Part Level 3
Signalling Connection Control Part
Transaction Capabilities Application Part
Camel
invoke
invokeId: present (0)
present: 0
opcode: local (0)
local: initialDPSMS (60)
InitialDPSMSArg
serviceKey: 15
destinationSubscriberNumber: 8105617588F7
callingPartyNumber: 918427090000F0
1... .... = Extension: No Extension
.001 .... = Nature of number: International Number (0x01)
.... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164) (0x01)
Address digits: 48729000000
Country Code: 48 Poland length 2
eventTypeSMS: sms-CollectedInfo (1)
iMSI: 62009195006930F0
TBCD digits: 260019590096030
locationInformationMSC
vlr-number: 918406010011F0
1... .... = Extension: No Extension
.001 .... = Nature of number: International Number (0x01)
.... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164) (0x01)
Address digits: 48601000110
Country Code: 48 Poland length 2
cellGlobalIdOrServiceAreaIdOrLAI: cellGlobalIdOrServiceAreaIdFixedLength (0)
cellGlobalIdOrServiceAreaIdFixedLength: 62F0102AFEA3E0
sMSCAddress: 918406010013F0
1... .... = Extension: No Extension
.001 .... = Nature of number: International Number (0x01)
.... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164) (0x01)
Address digits: 48601000310
Country Code: 48 Poland length 2
timeAndTimezone: 0290100371755140
tPShortMessageSpecificInfo: 11
tPProtocolIdentifier: 00
tPDataCodingScheme: 00
tPValidityPeriod: FF
smsReferenceNumber: 00C03B083264CBE8
mscAddress: 918406010011F0
1... .... = Extension: No Extension
.001 .... = Nature of number: International Number (0x01)
.... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164) (0x01)
Address digits: 48601000110
Country Code: 48 Poland length 2
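
The hex strings in the decode above (iMSI, the address fields, the cell global ID) are packed BCD and carry the subscriber's identity, numbers and serving cell in the clear. The following Python is an added example, not part of the original post: it reproduces Wireshark's decoding for values copied from frame 324. The function names are illustrative, and the cell-ID decoder goes one step beyond the trace, which shows that field only as raw hex, assuming the standard MCC/MNC/LAC/CI layout.

```python
"""Decode packed-BCD fields from the initialDPSMS trace (added example)."""

TBCD = "0123456789*#abc"  # nibble values 0-14; 0xF is the filler nibble

def tbcd(data: bytes) -> str:
    """Each octet carries two digits, low nibble first; skip 0xF filler."""
    nibbles = (n for octet in data for n in (octet & 0x0F, octet >> 4))
    return "".join(TBCD[n] for n in nibbles if n != 0x0F)

def imsi(hex_str: str) -> str:
    return tbcd(bytes.fromhex(hex_str))

def address_string(hex_str: str) -> dict:
    """First octet: ext bit, nature of number, numbering plan; rest is TBCD."""
    raw = bytes.fromhex(hex_str)
    if not raw:
        raise ValueError("empty AddressString")
    return {
        "no_extension": bool(raw[0] & 0x80),
        "nature_of_number": (raw[0] >> 4) & 0x07,
        "numbering_plan": raw[0] & 0x0F,
        "digits": tbcd(raw[1:]),
    }

def cell_global_id(hex_str: str) -> dict:
    """7 octets: MCC/MNC packed in 3 octets, then 2-octet LAC and 2-octet CI."""
    raw = bytes.fromhex(hex_str)
    if len(raw) != 7:
        raise ValueError("fixed-length cell global ID must be 7 octets")
    mcc = tbcd(raw[0:1]) + TBCD[raw[1] & 0x0F]
    # The third MNC digit sits in the high nibble of octet 2; 0xF means 2-digit MNC.
    mnc = tbcd(raw[2:3]) + ("" if raw[1] >> 4 == 0x0F else TBCD[raw[1] >> 4])
    return {"mcc": mcc, "mnc": mnc,
            "lac": int.from_bytes(raw[3:5], "big"),
            "ci": int.from_bytes(raw[5:7], "big")}

if __name__ == "__main__":
    # Values copied from frame 324 in the trace above.
    print("iMSI:", imsi("62009195006930F0"))
    for name, value in [("callingPartyNumber", "918427090000F0"),
                        ("vlr-number", "918406010011F0"),
                        ("sMSCAddress", "918406010013F0")]:
        print(name, address_string(value))
    print("cell:", cell_global_id("62F0102AFEA3E0"))
```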

Friday, January 9, 2009

poor man's tektronix

All SS7 switches, prepaid or IN platforms come with some sort of signaling tracing capabilities. Now, for performing SS7 tests or debugging low, non-production traffic they are usually OK - decoded signaling messages get written to some text file. The file can then be opened with notepad and Ctrl+F does the trick. What if we are debugging and tracing a problem on a production system with heavy traffic - obviously notepad will not be easy. Well, we can always spend a little (or a lot) on a Tektronix K15 ... but what if we don't want or don't have the budget for Tektronix? It seems we have some other options and the keyword is Wireshark.
The first, easier option is if we have Sigtran somewhere in the picture. If the SS7 traffic is transported over IP - things are relatively easy. What we do is we set up port mirroring on the switch carrying the Sigtran traffic to replicate that port and connect the replicated port to a PC on which we run Wireshark. That's it. Traffic can be analyzed locally or via remote desktop / vnc.
The second case is if we don't have Sigtran - and this is trickier. I haven't actually tested this one but I think it should be doable. Here we have to tap into the SS7 traffic on an E1. To tap into the E1 we should be able to use Sangoma's PN 633 Tap Connection Adapter. We then connect Tx Net and Tx Cpe ports to a Sangoma card - for example A102. We then configure the ports on the card and dump a pcap log file with wanpipemon. In the end we open the file with Wireshark. Like I said, I haven't yet tried this but I'm quite sure it would work and save us a little money on a K15.