Hello community!
I'm currently exploring the inspection of BSC/RNC<->MSC signaling traffic. At this stage, I'm focusing on dissecting SCCP connection-oriented (CO) signaling carried over SCTP (with multi-homing and multi-streaming) and M3UA. I'd appreciate any insights or suggestions.
To uniquely identify individual SCCP virtual connections in a traffic dump, I'm using parameters like SLR/DLR (from CR, CC, DF1, RLSD, and RLC messages), along with lower-layer protocol details: SCTP ports, stream ID, M3UA OPC/DPC, and SLS. However, this parameter set doesn't always guarantee uniqueness—some SCCP connections appear to share the same values, leading to mix-ups, such as DTAP CC and SMS messages being interleaved.
What additional indicators could I use to reliably distinguish SCCP connections? Or how do MSCs and BSCs typically differentiate and route them?
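An added example, not part of the original post: a minimal connection tracker that keys each half of a connection on (point code, local reference) and forgets both references on RLC, so a reused SLR starts a new connection instead of merging into the old one. It assumes a local reference is unique only within the node that allocated it and that messages are already decoded into dicts. The field names, point codes and trace are constructed for illustration, and SCTP ports, stream ID and SLS are deliberately left out of the key.

```python
from itertools import count

class SccpTracker:
    """Map decoded SCCP CO messages to connection ids."""

    def __init__(self):
        self.refs = {}        # (owning point code, local reference) -> connection id
        self.ids = count(1)

    def feed(self, msg):
        """Return the connection id for msg, or None if its DLR is unknown."""
        if msg["type"] == "CR":
            # New connection: the SLR was allocated by the sender (OPC).
            cid = next(self.ids)
            self.refs[(msg["opc"], msg["slr"])] = cid
            return cid
        # All other messages carry a DLR that the receiver (DPC) allocated.
        cid = self.refs.get((msg["dpc"], msg["dlr"]))
        if cid is None:
            return None       # capture began mid-connection, or stale reference
        if msg["type"] == "CC":
            # Responder announces its own reference: bind the second half.
            self.refs[(msg["opc"], msg["slr"])] = cid
        elif msg["type"] == "RLC":
            # Released: both references may be reused, so forget them.
            self.refs = {k: v for k, v in self.refs.items() if v != cid}
        return cid

def m(mtype, opc, dpc, slr=None, dlr=None):
    return {"type": mtype, "opc": opc, "dpc": dpc, "slr": slr, "dlr": dlr}

BSC, MSC = 100, 200           # constructed point codes
TRACE = [                     # constructed trace, not from a real capture
    m("CR", BSC, MSC, slr=0x11), m("CC", MSC, BSC, slr=0xA1, dlr=0x11),
    m("CR", BSC, MSC, slr=0x12), m("CC", MSC, BSC, slr=0xA2, dlr=0x12),
    m("DT1", BSC, MSC, dlr=0xA1), m("DT1", MSC, BSC, dlr=0x12),
    m("RLSD", MSC, BSC, slr=0xA1, dlr=0x11), m("RLC", BSC, MSC, slr=0x11, dlr=0xA1),
    m("CR", BSC, MSC, slr=0x11),  # BSC reuses reference 0x11 after release
    m("CC", MSC, BSC, slr=0xA3, dlr=0x11), m("DT1", BSC, MSC, dlr=0xA3),
    m("DT1", BSC, MSC, dlr=0xA1), # late packet for the released connection
]

def classify(trace):
    tracker = SccpTracker()
    return [tracker.feed(msg) for msg in trace]
```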