Hello! I need to capture only (!!!) gsm_sms protocol from the SS7 stream with the help of the tshark. But unfortunately I could not find any useful information in Internet how to create such filter. Maybe somebody could help me with this? Any examples or links... Any help will be appreciated! Thanks! asked 04 Apr '13, 06:58 domeno |
2 Answers:
You could use this (display) filter with tshark:
Please replace eth0 with your interface name. Unfortunately, you can't write the data stream to a pcap file (Option -w) while you are using a display filter (-R). Regards answered 08 Apr '13, 16:20 Kurt Knochner ♦ |
Generally each protocol messages follows a definite structure. You have to decode the frame in order to find the GSM SMS protocol data. Generally GSM SMS will have the following sequence, https://docs.google.com/file/d/0B81y2c59Ta9HRzZqNmZsNXgtVzg/edit?usp=sharing The 21st byte of M3UA (refer to the above link) will be the indicator for the following protocol. It specifies which protocol message follows M3UA. This may give you an idea how to proceed. GSM SMS protocol specifications can be found in ITU-T Q.7xx(not sure which number exactly it is) series of ITU-T. It is available freely. No other way other than digging detail in to the frame to find out specific protocol message. I explored this when i tried to find out only ISUP messages. So not sure about GSM SMS. But I hope this will be handy. Will post it here if I find anything else. answered 09 Apr '13, 06:23 Manoj G |
To Kurt
Thanks for the reply. But I have no any problem with the display filters. I need to capture events in the “gsm_sms” protocols and then write them into the files.
And now I have problem to write correct capture filter for the “gsm_sms” protocol. May be you know how to write correct capture filter for this protocol?
With best regards.
I don't think there is a way to use a capture filter to identify gsm_sms, as the capture filters have no protocol intelligence at the GSM level (only IP, UDP, TCP, etc.), so it would be hard/impossible to detect a gsm_sms message/packet.
Your best option is to capture everything and then later use Wireshark or tshark to just analyze gsm_sms with a display filter.
You can also ask the people at osmocom.org (see lists). Maybe they can help or have any further idea. If so, please update here as well for the benefit of all ;-)