This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi , I did lot of search but i didn't find what i am interessting into. Here is my story. I am living in the GSM world. we can capture network traffic based on SIgtran interface ( SS7 over IP ). so on the sms world , you have always a request , then an ack from the platform ( HLR; MSC ). by example if you send a SRI request ( send routing information ) you will have a specific tcap.otid, the response will have the same value for tcap.dtid ( origin and destination ). this is usefull to follow a specific transaction in the middle of millions. what i want to do , is to calculate the response mean time for request using this correlation. it can be done manually for each request but it is tough. i ear about Lua , but is there any tools that can take a pcap trace and with a script calulate the response time? or is it possible to do this directly with wireshark ?. thx by advance for the help or your feedback half

asked 02 Mar '15, 04:21

halfshiva's gravatar image

halfshiva
5113
accept rate: 0%


Hi half,

As far as I'm aware there isn't a quick solution for what you are trying to do. You can do this with tshark/wireshark and lua but coding will be required.

You'd need to write a lua tap in which you would

a) build a table of transactions and then do analysis on them

b) consider corner cases where you don't capture start of transaction or end of it

c) periodically print output to text file and use that or feed data into database of some sort

I'd read through lua questions in this forum especially answers from Hadriel he often posts code snippets.

And github is another great resource for finding wireshark lua code snippets.

permanent link

answered 03 Mar '15, 03:41

izopizo's gravatar image

izopizo
2024714
accept rate: 0%

Hi Izopizo

Thx for your feedback,

I was scared about a response like this ^^

But i was more scary to learn about LUA and finally that could not help me. but regarding your response, it won't be a loose of time at all.

As soon i will perform what i expect , i will give feedback on this. This could be useful for GSM operator to know the average delivery time for short message or anything else that dealt with SS7 and TCAP protocol layer.

Br Half

(04 Mar '15, 05:24) halfshiva
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×37
×21

question asked: 02 Mar '15, 04:21

question was seen: 2,020 times

last updated: 04 Mar '15, 05:28

p​o​w​e​r​e​d by O​S​Q​A