This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to decode 3GPP LTE messages using Wireshark

0

Hi all,

I am trying to capture the MAC, RLC, PDCP and RRC messages from a LTE usb dongle.

I'm new to wireshark but have been reading about the dissectors but I find it a bit confusing.

Could someone explain to me how to go about seeing the LTE messages using wireshark?

Regards,

J

asked 22 May '12, 20:41

pedropumpalot's gravatar image

pedropumpalot
1111
accept rate: 0%


One Answer:

0

Assuming your USB dongle is a "normal" USB dongle used to connect your PC to an ISP over LTE - you can't - the comunication between the dongle and the LTE network is not passed to your PC.

answered 22 May '12, 21:09

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

Hi Anders,

I have used Tems and can decode the messages from the Sierra Wireless USB dongle.

Can you explain further why Wireshark isn't capable of decoding these messages?

What is the point of wireshark if it can't decode the messages from the device? How else would you get LTE messages onto your PC/laptop without using a wireless device?

(22 May '12, 23:17) pedropumpalot

I think Anders point is that such a device (probably) terminates the LTE connection and then provides something that probably looks like an Ethernet connection to the host (PC/laptop). Your PC/laptop doesn't understand LTE, it understands Ethernet, so that's what it is given.

I would guess that to capture the LTE you'd need a dedicated capture device.

Simple test would be to try it out and see what you get; I'd guess the captured frames will look like, for example, TCP over IP over Ethernet.

(23 May '12, 06:28) JeffMorriss ♦

How else would you get LTE messages onto your PC/laptop without using a wireless device?

By capturing them inside the LTE network or having the LTE nodes write pcap files containing different interface signals or using dedicated HW to catch the signals off the air or encapsulating LTE interface signals in UDP packets and sens them to a trace node and capture that traffic(inside the network) or...

(23 May '12, 14:36) Anders ♦

I have used Tems and can decode the messages from the Sierra Wireless USB dongle.

What sort of messages are those? And what software reads those messages?

Can you explain further why Wireshark isn't capable of decoding these messages?

We don't know whether Wireshark can decode them. We do know that Wireshark can't read them from the device, as libpcap/WinPcap and the OS mechanisms they use don't support that.

What is the point of wireshark if it can't decode the messages from the device?

The point is to decode those messages that it can read, e.g. Ethernet.

(23 May '12, 17:35) Guy Harris ♦♦