
= PCAP and protocol analysis =

pcap is a data format for captured packets of communication protocols. It is used by a library called libpcap, which in turn is used by popular network protocol analyzer projects such as tcpdump and wireshark.
In the Ethernet/Internet world, you typically capture packets from your ethernet card using RAW sockets and promiscuous mode.
With GSM protocols such as A-bis, it is obviously not that simple - since they are at least traditionally not transported over IP.
= Recording and viewing A-bis communication =
== Recording ==
=== Method 1: [wiki:osmo-nitb] PCAP option (obsolete) ===
The [wiki:osmo-nitb] application inside openbsc provides a command line option to automatically create a PCAP file. The resulting dump is only a subset of what is actually transmitted over the wire. Currently only Link Access Protocol D-Channel (LAPD) messages are logged, the actual LAPD header is spoofed and only the TEI and SAPI information is invalid. This is mostly due to mISDN not providing us with a LAPD header/frame and the encapsulation we use for wiretap/pcap. In the future there might be a dedicated encapsulation type for the complete mISDN traffic.
To write the protocol dump simply invoke [wiki:osmo-nitb]:
{{{
./osmo-nitb -p networking.pcap
}}}
=== Method 2: Using misdn_log ===
This is the preferred method in case you are using the mISDN input driver for OpenBSC, e.g. with a BS-11 BTS.
In order to obtain an A-bis capture and save it in a pcap file, please use the ''misdn_log'' tool (part of mISDNuser) the following way:
{{{
misdn_log -c0 -w networking.pcap
}}}
Please make sure to '''first start [wiki:osmo-nitb]''' and only then start ''misdn_log''.
=== Method 3: Using tcpdump ===
If you're using an ''A-bis over IP'' based BTS such as the [nanoBTS], then you can use a regular tool like tcpdump to create a pcap file:
{{{
tcpdump -ni eth0 -s 0 -w networking.pcap
}}}
where ''eth0'' is the name of the network device connected to the same network as the nanoBTS.
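To check a recorded file before opening it in wireshark, the following added example (not part of the original wiki page or of OpenBSC) parses the classic pcap file header, reports the link-layer type and counts records cut short by the snapshot length, which is what ''-s 0'' in the tcpdump command avoids. The function name and the sample bytes are constructed for illustration; the link-type numbers are the ones in the tcpdump.org LINKTYPE registry.

```python
import struct

# Link-layer header types from the tcpdump.org LINKTYPE registry.
LINKTYPES = {1: "EN10MB (Ethernet)", 177: "LINUX_LAPD", 203: "LAPD"}

def summarize_pcap(data: bytes) -> dict:
    """Parse a classic pcap byte string; report link type and truncated records."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = data[:4]
    # Magic 0xa1b2c3d4 (microseconds) or 0xa1b23c4d (nanoseconds), either byte order.
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    _major, _minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        endian + "HHiIII", data[4:24])
    linktype = network & 0xFFFF  # low 16 bits carry the link type
    offset, packets, truncated = 24, 0, 0
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("record %d runs past end of file" % packets)
        offset += incl_len
        packets += 1
        if incl_len < orig_len:  # capture kept fewer bytes than were on the wire
            truncated += 1
    return {"linktype": LINKTYPES.get(linktype, "unknown (%d)" % linktype),
            "snaplen": snaplen, "packets": packets, "truncated": truncated,
            "trailing_bytes": len(data) - offset}

def build_sample(linktype: int) -> bytes:
    """Constructed sample: one complete 4-byte record, one cut from 100 to 4 bytes."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 68, linktype)
    full = struct.pack("<IIII", 0, 0, 4, 4) + b"\x00" * 4
    cut = struct.pack("<IIII", 0, 0, 4, 100) + b"\x00" * 4
    return header + full + cut

if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(1)
    print(summarize_pcap(raw))
```

Run it with the capture file as its only argument, e.g. ''networking.pcap''; a non-zero ''truncated'' count means the dissectors will see incomplete frames.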
== Viewing ==
Wireshark already provides dissectors for the various protocols we use (LAPD, RSL, GSM-A, GSM-SMS...). The LAPD protocol dissector needs some minor configuration though. Go to Edit -> Preferences -> Protocols -> LAPD and check the checkbox saying "Use GSM Sapi Values". Afterwards wireshark will be able to display a lot of the A-bis protocol. There are some glitches in the protocol analysis, some missing features and dissection of OML is completely missing.
Also, only the most recent wireshark development versions contain a dissector for the ''ip.access A-bis over IP protocol''.
We recommend that you build wireshark from the latest source code, or alternatively apply the patch that is found in the wireshark directory of our git repository.
=== A-bis OML dissector ===
To add a dissector for the GSM 12.21 A-bis Organization and Maintenance Layer (OML), you can use the ''abis_oml.patch'' file from the wireshark directory of our git repository. This will be submitted for inclusion into wireshark soon.
== Dumps for you ==
Here are some dumps that might be useful. Make sure that you only provide data from your own network and equipment (no IMSI/IMEI you do not know...)
