Difference between revisions of "Wireshark monitoring traffic inside YateENB"

From YateBTS
Jump to: navigation, search
 
(4 intermediate revisions by 3 users not shown)
Line 3: Line 3:
 
EEA0 (EPS Encryption Algorithm 0) doesn't use ciphering at all.  
 
EEA0 (EPS Encryption Algorithm 0) doesn't use ciphering at all.  
  
===YateUCN MME configuration===
+
When ciphering and integrity checking are activated, the UE, MME and eNodeB can select an appropriate EPS Encryption Algorithm (eea0, eea1, eea2, eea3) and an EPC Integrity Algorithm (eia1, eia2) from a list of algorithms that are supported by both sides.
 +
 
 +
== YateUCN MME configuration ==
 
In ['''mme'''] section of '''yateucn.conf''' file add the following lines:
 
In ['''mme'''] section of '''yateucn.conf''' file add the following lines:
  
Line 9: Line 11:
 
  ; UCN tells the eNodeB to use EEA0
 
  ; UCN tells the eNodeB to use EEA0
 
  cipher_algos=EEA0
 
  cipher_algos=EEA0
  ; so eNodeB will tell the UE to use EEA0
+
  ; eNodeB will tell the UE to use EEA0
 
  enb_cipher_algos=EEA0
 
  enb_cipher_algos=EEA0
  
 
To activate the changes reload yateucn from rmanager or restart yate-ucn.service and reattach UE to the eNodeB.
 
To activate the changes reload yateucn from rmanager or restart yate-ucn.service and reattach UE to the eNodeB.
  
=== Capture traffic ===
+
== Capture traffic ==
 
* From eNodeB rmanager console (telnet 0 5037) type: '''enb capture start mac 23234'''
 
* From eNodeB rmanager console (telnet 0 5037) type: '''enb capture start mac 23234'''
 
* From YateUCN linux console type: '''tcpdump -i any not tcp -w captured-trafic.pcap'''
 
* From YateUCN linux console type: '''tcpdump -i any not tcp -w captured-trafic.pcap'''
Line 20: Line 22:
 
* Captured traffic: S1 Interface ('''S1AP''' and '''GTP-U''', YateENB ↔ EPC)
 
* Captured traffic: S1 Interface ('''S1AP''' and '''GTP-U''', YateENB ↔ EPC)
  
=== Wireshark settings ===
+
== Wireshark settings ==
 +
 
 +
To see MAC-LTE captured traffic with Wireshark, check all options from:
  
* To see MAC-LTE captured traffic with Wireshark, check all options from: Analize -> Enabled protocols -> MAC-LTE
+
# From Analize analyze -> enabled protocols  
* Then on Protocol Preferences:
+
## Enable mac-lte
** '''Source of LCID''' -> drb channel settings: <span style="font-weight:bold;color:#FFA800">check</span> ''From configuration protocol''
+
## disable Skype
** '''Which layer info to show in info column''': <span style="font-weight:bold;color:#FFA800">check</span> ''RLC info''
+
# From edit -> preferences -> protocols -> mac-lte
 +
## enable it
 +
## from Source of LCID -> drb channel settings -> select from static table
 +
## LCID DRB mapping table -> edit -> Add -> ( LCID 3 | drb 0 | RLC Channel Type AM )

Latest revision as of 18:03, 18 January 2019

To capture traffic inside YateENB, the Mobility Management Entity (MME), eNodeB and UE must use EPS encryption algorithm EEA0. This algorithm must be supported by all sides.

EEA0 (EPS Encryption Algorithm 0) doesn't use ciphering at all.

When ciphering and integrity checking are activated, the UE, MME and eNodeB can select an appropriate EPS Encryption Algorithm (eea0, eea1, eea2, eea3) and an EPC Integrity Algorithm (eia1, eia2) from a list of algorithms that are supported by both sides.

YateUCN MME configuration

In [mme] section of yateucn.conf file add the following lines:

[mme]
; UCN tells the eNodeB to use EEA0
cipher_algos=EEA0
; eNodeB will tell the UE to use EEA0
enb_cipher_algos=EEA0

To activate the changes reload yateucn from rmanager or restart yate-ucn.service and reattach UE to the eNodeB.

Capture traffic

  • From eNodeB rmanager console (telnet 0 5037) type: enb capture start mac 23234
  • From YateUCN linux console type: tcpdump -i any not tcp -w captured-trafic.pcap
  • Start using internet over LTE from the UE. (After you finish you can stop tcpdump capture with Ctrl+C and open captured-traffic.pcap file with Wireshark.)
  • Captured traffic: S1 Interface (S1AP and GTP-U, YateENB ↔ EPC)

Wireshark settings

To see MAC-LTE captured traffic with Wireshark, check all options from:

  1. From Analize analyze -> enabled protocols
    1. Enable mac-lte
    2. disable Skype
  2. From edit -> preferences -> protocols -> mac-lte
    1. enable it
    2. from Source of LCID -> drb channel settings -> select from static table
    3. LCID DRB mapping table -> edit -> Add -> ( LCID 3 | drb 0 | RLC Channel Type AM )