Neels Hofmeyr nhofmeyr at
Tue Mar 1 11:39:25 UTC 2016

On Tue, Mar 01, 2016 at 11:12:01AM +0100, Terje Kristoffer Hybbestad Skow wrote:
> The "logfile /tmp/foo" did gave an error message saying "unrecognized
> option".

It seems the logfile option was added on 2014-03-23 with commit
9c0ff4fafe4276396125a52c89d36967566fe08c. It may make sense if you build
your osmocom stack from the git sources to benefit from the latest fixes.

See, specifically you'd probably want to clone and build


The build steps being for example

   autoreconf -fi
   sudo make install

> I'm going to look at DNS packets going through a GGSN to try and find ways
> to detect DNS tunnels, do you have any recommendations how to do this?
> I do not have the time or resources to use real UE's so I hope to simulate
> it on a computer using VMs or something like that.

> I have looked at this: as

The BTS is for communicating with a phone over the air interface. Abis and
osmo-nitb are used for voice calls only. The SGSN is needed for real networks,
you should be fine with the sgsnemu. So all you need is sgsnemu and openggsn.

You want to figure out how to use the sgsnemu, starting with a route into the
tunnel device that sgsnemu opens up. So you need to look at the 'ip route'
commands (if you're on linux). I guess you won't need VMs; granted, it might
make it easier to avoid circular routes (to IP addresses that should only be
seen on the GGSN side), but certainly not a necessary prerequisite.

I tried to ping through the sgsnemu tunnel once but saw, as I mentioned, that
the GGSN thwarts GTP messages without a proper context being created first. It
shouldn't be too hard, but I haven't investigated further. So you'd want to
understand the GTP Ctrl & User messages to setup a PGP context (TEIs and
stuff), and figure out how sgsnemu might make your life easier in that regard.
You probably want to read ETSI 29.060 to figure out GTP:
You may find attached pcap file interesting (open in wireshark and note that
the DNS queries are transmitted over GTP between SGSN and GGSN even though
wireshark tends to show only the DNS and src/dest enclosed in the GTP).
And again, you may look at
about simplistic code examples of composing a PGP context conversation.

If you'd like any more answers to questions you didn't ask ;)
just give us a shout...


- Neels Hofmeyr <nhofmeyr at>
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschäftsführer / Managing Directors: Holger Freyther, Harald Welte
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trace3.pcapng
Type: application/octet-stream
Size: 6048 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <>

More information about the osmocom-net-gprs mailing list