This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Now i have a GSM Um Interface Message: 06 21 00 01 F0 CB 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B 2B In GSM Um Interface ,IT is a "Paging Request Type 1" message, How to Use Wireshark to Decoded it?

thanks!

asked 22 Mar '14, 09:13

whywhyyu's gravatar image

whywhyyu
11112
accept rate: 0%


Some air interface sniffers can encapsulate those messages into a GSMTAP message, and append "dummy" IP and UDP headers to them, saving them in a .pcap file format for Wireshark to decode.

The message you posted there is definitely not an IP packet. You won't be able to just directly decode air interface messages in Wireshark but as I said most tools I've seen that do this kind of air interface tracing should support that kind of export into .pcap files.

What kind of analyzer are you using at the UE to trace the Um interface?

permanent link

answered 22 Mar '14, 14:23

Quadratic's gravatar image

Quadratic
1.9k6928
accept rate: 13%

edited 22 Mar '14, 14:24

1

I could not resist to award you one extra point ;-)) Total now: 666

(22 Mar '14, 14:25) Kurt Knochner ♦

Ha. Not sure if I should thank you for that or not. :)

(22 Mar '14, 14:28) Quadratic

depends on your godliness :-)) If you feel uncomfortable, you can return the point to me or donate it to someone else ;-))

(22 Mar '14, 14:29) Kurt Knochner ♦

Thank you ! We have No "analyzer"! I got that message from the Phone(BaseBand GSM stack) internal log system ,these logs show what message they got from the BTS,and always i need to analyser message manual .

can you give me an idea? what "tools" can convert these message to a ".pcap" file? Thank you again!

(23 Mar '14, 08:13) whywhyyu

Well, for free stuff, take a look at "airprobe" which used to be called gsm-sniffer. Among its binaries is "gsm-receiver" which stores in a .pcap file format for Wireshark using GSMTAP.

Another is OpenBTS, but for that you're effectively emulating the base station.

If you're an operator, you can probably get your hands on more sophisticated UE testers from the chipset vendors, like Qualcom's QXDM. Also, if you're an operator, usually the IuB interface onwards nowadays is over IP and Wireshark supports those kinds of stacks (eg: IP/SCTP/NBAP from the base stations). Depending on what you want to see from the UE, if it's something like a NAS exchange (eg: that location update you're looking at), there's usually no reason to need to trace the air interface unless you're isolating RRC-level troubleshooting or unless you're not an operator but just testing the performance or behaviour of the operator.

You've got me thinking though, if there's a program to take the messages as text from your log file and encapsulate them into GSMTAP...... In concept it should be doable, though I'm not sure of any tool that does quite what you're looking for.

(23 Mar '14, 12:42) Quadratic

You can follow the procedure described here: http://ask.wireshark.org/questions/28735/decode-sms-bearer-data-hex-string and use the gsm_a_dtap dissector name instead of gsm_sms

permanent link

answered 24 Mar '14, 02:16

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%

edited 24 Mar '14, 02:16

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×37
×4

question asked: 22 Mar '14, 09:13

question was seen: 5,297 times

last updated: 24 Mar '14, 02:16

p​o​w​e​r​e​d by O​S​Q​A