This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

read a pdp context

Hello,

I have a question regarding a Wireshark trace. I want to see the PDP CONTEXT in the trace but I don't know how to do it. Below is how I run my test:

The mobile is under FEMTOCELL coverage (the wireshark is configured with this femto. The femto is an amplifier home network).

I launch the trace, I activate the data on the mobile, I launch a navigation.

I want to see the PDP CONTEXT information. I don't know if I must have a plugin to try this or not. (version 1.6.12)

asked 11 Feb '13, 01:43

Prima Test

It's not clear what you are trying to do. Do you have a femto cell connected via your home network and you have mirroring set up in your home network to sniff traffic between this femto cell and the GSM/UMTS core network, or a lab setup to do the same? What traffic can you see with Wireshark? Chances are that the traffic femtocell -> network is encrypted.

(11 Feb '13, 13:16) Anders ♦

Yes, it's exactly that: I have a femto cell connected via my home network. And I want to see the communication between the mobile, when I launch a WAP navigation, and the network. My mobile is configured for dual stack (IPv4/IPv6), but for SFR in France only IPv4 is supported. So I want to see the PDP Context via Wireshark to see that the network "says" correctly to the mobile that only IPv4 is supported. Is it more clear or not? But you're right, maybe with the femtocell the network is encrypted.

(12 Feb '13, 00:35) Prima Test

One Answer:

(the wireshark is configured with this femto.

What does that mean exactly?

Usually a Femtocell is a black box that has access to the 3G Network over the air and access to the Provider network via an IP network (your home internet access). Without special hardware, you cannot capture the 3G traffic (and it won't help you, as 3G traffic is encrypted). To be able to capture the IP traffic (from the Femtocell to the Provider network), you need a plain Ethernet Capture Setup (TAP, Switch with Mirror Port, etc.).

HOWEVER: The traffic from the Femtocell to the Provider is (usually) encrypted, so all you will see is encrypted data in Wireshark. As you don't know how they encrypt the data and you don't have access to the crypto keys, you won't be able to decrypt that traffic. It's not a limitation of Wireshark, it's just 'security by design' (hopefully).

If your Femtocell works differently, there may be ways to get hold of the data, but chances are rather bad ;-)

Regards
Kurt

answered 12 Feb '13, 04:34

Kurt Knochner ♦

edited 12 Feb '13, 05:19