Wireshark monitoring traffic inside YateENB
To capture traffic inside YateENB, the Mobility Management Entity (MME), eNodeB and UE must use EPS encryption algorithm EEA0. This algorithm must be supported by all sides.
EEA0 (EPS Encryption Algorithm 0) doesn't use ciphering at all.
When ciphering and integrity checking are activated, the UE, MME and eNodeB can select an appropriate EPS Encryption Algorithm (eea0, eea1, eea2, eea3) and an EPC Integrity Algorithm (eia1, eia2) from a list of algorithms that are supported by both sides.
YateUCN MME configuration
In [mme] section of yateucn.conf file add the following lines:
[mme] ; UCN tells the eNodeB to use EEA0 cipher_algos=EEA0 ; eNodeB will tell the UE to use EEA0 enb_cipher_algos=EEA0
To activate the changes reload yateucn from rmanager or restart yate-ucn.service and reattach UE to the eNodeB.
- From eNodeB rmanager console (telnet 0 5037) type: enb capture start mac 23234
- From YateUCN linux console type: tcpdump -i any not tcp -w captured-trafic.pcap
- Start using internet over LTE from the UE. (After you finish you can stop tcpdump capture with Ctrl+C and open captured-traffic.pcap file with Wireshark.)
- Captured traffic: S1 Interface (S1AP and GTP-U, YateENB ↔ EPC)
To see MAC-LTE captured traffic with Wireshark, check all options from:
- From Analize analyze -> enabled protocols
- Enable mac-lte
- disable Skype
- From edit -> preferences -> protocols -> mac-lte
- enable it
- from Source of LCID -> drb channel settings -> select from static table
- LCID DRB mapping table -> edit -> Add -> ( LCID 3 | drb 0 | RLC Channel Type AM )