Difference between revisions of "Wireshark monitoring traffic inside YateBTS"

From YateBTS
Jump to: navigation, search
(Capturing traffic)
Line 1: Line 1:
  
Traffic can be captured/analized with Wireshark in YateBTS when using '''GSM roaming''' or '''GSM dataroam''' working modes.
+
GSM/GPRS radio traffic can be captured/analyzed with Wireshark in YateBTS. When using '''GSM roaming''' or '''GSM dataroam''' working modes it is also possible to capture core network traffic.
  
==Enable capturing of SIP and RTP packages==
+
==Enable capturing of GSM L3 frames==
  
GSMTAP.GSM will capture '''SIP and RTP packages'''.<br/>
+
GSMTAP.GSM will capture '''GSM Layer 3 frames'''.<br/>
 
Enable GSMTAP.GSM capture from the Yate rmanager:
 
Enable GSMTAP.GSM capture from the Yate rmanager:
 
  >> telnet 0 5037
 
  >> telnet 0 5037
 
  mbts config TAP Control.GSMTAP.GSM on
 
  mbts config TAP Control.GSMTAP.GSM on
  
==Enable capturing of GTP-C and GTP-U packages==
+
==Enable capturing of GPRS L3 and RLC==
  
GSMTAP.GPRS will capture '''GTP-C and GTP-U packages'''.<br/>
+
GSMTAP.GPRS will capture '''GPRS frames'''.<br/>
 
Enable GSMTAP.GPRS capture from the Yate rmanager:
 
Enable GSMTAP.GPRS capture from the Yate rmanager:
  
Line 29: Line 29:
 
</pre>
 
</pre>
  
==Capturing traffic==
+
==Capturing radio traffic==
  
 
To capture traffic use '''tcpdump''' or '''Wireshark''' (already installed on the LatKit/SatSite) by adding a custom filter: '''udp port 4729'''.
 
To capture traffic use '''tcpdump''' or '''Wireshark''' (already installed on the LatKit/SatSite) by adding a custom filter: '''udp port 4729'''.
Line 35: Line 35:
 
  Command for tcpdump:
 
  Command for tcpdump:
 
  >> '''tcpdump -i any udp port 4729 -w GSMTAP-yatebts.pcap'''
 
  >> '''tcpdump -i any udp port 4729 -w GSMTAP-yatebts.pcap'''
 +
 +
==Capturing SIP and RTP packets==
 +
Since RTP is dynamic you need to capture all UDP ports. In dataroam mode this will also capture data (GTP) traffic:
 +
>> '''tcpdump -i any udp -w UDP-yatebts.pcap'''
 +
 +
If you want to capture just SIP without actual voice:
 +
>> '''tcpdump -i any udp port 5060 -w SIP-yatebts.pcap'''
 +
 +
==Capturing GTP packets==
 +
In '''GSM dataroam''' mode YateBTS talks GTP v1 to the SGSN in YateUCN core.
 +
 +
To capture just GTP:
 +
>> '''tcpdump -i any udp port 2123 or udp port 2152 -w GTP-yatebts.pcap'''

Revision as of 21:46, 20 October 2017

GSM/GPRS radio traffic can be captured/analyzed with Wireshark in YateBTS. When using GSM roaming or GSM dataroam working modes it is also possible to capture core network traffic.

Enable capturing of GSM L3 frames

GSMTAP.GSM will capture GSM Layer 3 frames.
Enable GSMTAP.GSM capture from the Yate rmanager:

>> telnet 0 5037
mbts config TAP Control.GSMTAP.GSM on

Enable capturing of GPRS L3 and RLC

GSMTAP.GPRS will capture GPRS frames.
Enable GSMTAP.GPRS capture from the Yate rmanager:

>> telnet 0 5037
mbts config TAP Control.GSMTAP.GPRS on

Checking if GSMTAP is enabled

To check if GSMTAP is enabled type mbts config TAP in Yate rmanager.

>> telnet 0 5037
yate-sdr@ybts-UNCONFIG> mbts config TAP 
Control.GSMTAP.GPRS on
Control.GSMTAP.GSM on
Control.GSMTAP.TargetIP 127.0.0.1     [default]
yate-sdr@ybts-UNCONFIG> 

Capturing radio traffic

To capture traffic use tcpdump or Wireshark (already installed on the LatKit/SatSite) by adding a custom filter: udp port 4729.

Command for tcpdump:
>> tcpdump -i any udp port 4729 -w GSMTAP-yatebts.pcap

Capturing SIP and RTP packets

Since RTP is dynamic you need to capture all UDP ports. In dataroam mode this will also capture data (GTP) traffic:

>> tcpdump -i any udp -w UDP-yatebts.pcap

If you want to capture just SIP without actual voice:

>> tcpdump -i any udp port 5060 -w SIP-yatebts.pcap

Capturing GTP packets

In GSM dataroam mode YateBTS talks GTP v1 to the SGSN in YateUCN core.

To capture just GTP:

>> tcpdump -i any udp port 2123 or udp port 2152 -w GTP-yatebts.pcap