Hi,
I am trying to deal with wireshark to understand what happening in each function in the code. It says that the file seems to be corrupted: "The capture files appears to be damaged or corrupted. (libpcap: LAPD file has a 15-byte packet, too small to have even a LAPD pseudo-header)"
Is it a problem?
I still can read the Abis communication. I saw that some rsl packets are malformed. Is it coming from a missing implementation in the code that need to be fixed?
Thanks
Eric
On Thursday 09 July 2009 16:23:09 Eric Cathelinaud wrote:
Hi,
I am trying to deal with wireshark to understand what happening in each function in the code. It says that the file seems to be corrupted: "The capture files appears to be damaged or corrupted. (libpcap: LAPD file has a 15-byte packet, too small to have even a LAPD pseudo-header)"
which file is that? anything you recorded? recorded with what?
z.
hi,
I used the option in the command line : ./bsc_hack -p something.pcap http://bs11-abis.gnumonks.org/trac/wiki/PacketDump
Then I opened it with wireshark.
Eric Cathelinaud
2009/7/9 Holger Freyther zecke@selfish.org
On Thursday 09 July 2009 16:23:09 Eric Cathelinaud wrote:
Hi,
I am trying to deal with wireshark to understand what happening in each function in the code. It says that the file seems to be corrupted: "The capture files appears to be damaged or corrupted. (libpcap: LAPD
file
has a 15-byte packet, too small to have even a LAPD pseudo-header)"
which file is that? anything you recorded? recorded with what?
z.
On Thursday 09 July 2009 23:02:44 Eric Cathelinaud wrote:
hi,
I used the option in the command line : ./bsc_hack -p something.pcap http://bs11-abis.gnumonks.org/trac/wiki/PacketDump
leaves only the type of the BTS... which I assume will be nanoBTS... and then I will have to tell you that it doesn't work for the nanoBTS and that the better alternative is to use harald's work in progress wireshark plugin.
would you find the time to update the PacketDump wiki site?
z.
2009/7/10 Holger Freyther zecke@selfish.org
On Thursday 09 July 2009 23:02:44 Eric Cathelinaud wrote:
hi,
I used the option in the command line : ./bsc_hack -p something.pcap http://bs11-abis.gnumonks.org/trac/wiki/PacketDump
leaves only the type of the BTS... which I assume will be nanoBTS... and then I will have to tell you that it doesn't work for the nanoBTS and that the better alternative is to use harald's work in progress wireshark plugin.
would you find the time to update the PacketDump wiki site?
z.
Yes sure but I am not using a nanoBTS, I am using the bs11.
Eric Cathelinaud
2009/7/10 Eric Cathelinaud e.cathelinaud@googlemail.com
2009/7/10 Holger Freyther zecke@selfish.org
On Thursday 09 July 2009 23:02:44 Eric Cathelinaud wrote:
hi,
I used the option in the command line : ./bsc_hack -p something.pcap http://bs11-abis.gnumonks.org/trac/wiki/PacketDump
leaves only the type of the BTS... which I assume will be nanoBTS... and then I will have to tell you that it doesn't work for the nanoBTS and that the better alternative is to use harald's work in progress wireshark plugin.
would you find the time to update the PacketDump wiki site?
z.
Yes sure but I am not using a nanoBTS, I am using the bs11.
Eric Cathelinaud
Well I have no more problem when opening the pcap files. I had no problem with the files on the wiki, only with the file i was generating. But now it's working fine also, the reboot solved my problem. Dunno what happened exactly.
Eric Cathelinaud
2009/7/10 Eric Cathelinaud e.cathelinaud@googlemail.com
2009/7/10 Eric Cathelinaud e.cathelinaud@googlemail.com
2009/7/10 Holger Freyther zecke@selfish.org
On Thursday 09 July 2009 23:02:44 Eric Cathelinaud wrote:
hi,
I used the option in the command line : ./bsc_hack -p something.pcap http://bs11-abis.gnumonks.org/trac/wiki/PacketDump
leaves only the type of the BTS... which I assume will be nanoBTS... and then I will have to tell you that it doesn't work for the nanoBTS and that the better alternative is to use harald's work in progress wireshark plugin.
would you find the time to update the PacketDump wiki site?
z.
Yes sure but I am not using a nanoBTS, I am using the bs11.
Eric Cathelinaud
Well I have no more problem when opening the pcap files. I had no problem with the files on the wiki, only with the file i was generating. But now it's working fine also, the reboot solved my problem. Dunno what happened exactly.
Eric Cathelinaud
Well i still have sometimes this error message. I have it when I attach a mobile on the network. I saw 2 "unknow" packets comes from the Remote Network to the Remote User during the attach process. Their size are quite small. I join in attached file a screen of my results.
Eric Cathelinaud
On Fri, Jul 10, 2009 at 12:29:47PM +0200, Eric Cathelinaud wrote:
Well i still have sometimes this error message. I have it when I attach a mobile on the network. I saw 2 "unknow" packets comes from the Remote Network to the Remote User during the attach process. Their size are quite small. I join in attached file a screen of my results.
it would help if you can put the pcap file (with at least one good and one 'bad' packet) somewhere online or even send it to the list (if its small and you only select a couple of packets, you can attach it).
2009/7/10 Harald Welte laforge@gnumonks.org
On Fri, Jul 10, 2009 at 12:29:47PM +0200, Eric Cathelinaud wrote:
Well i still have sometimes this error message. I have it when I attach a mobile on the network. I saw 2 "unknow" packets comes from the Remote Network to the Remote User during the attach process. Their size are quite small. I join in attached file a screen of my results.
it would help if you can put the pcap file (with at least one good and one 'bad' packet) somewhere online or even send it to the list (if its small and you only select a couple of packets, you can attach it).
--
- Harald Welte laforge@gnumonks.org
============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)
In the attached file there are 5 malformed packets and 2 unknow packets.
Thanks Eric Cathelinaud
On Wed, Jul 15, 2009 at 11:06:48AM +0200, Eric Cathelinaud wrote:
2009/7/10 Harald Welte laforge@gnumonks.org
On Fri, Jul 10, 2009 at 12:29:47PM +0200, Eric Cathelinaud wrote:
Well i still have sometimes this error message. I have it when I attach a mobile on the network. I saw 2 "unknow" packets comes from the Remote Network to the Remote User during the attach process. Their size are quite small. I join in attached file a screen of my results.
it would help if you can put the pcap file (with at least one good and one 'bad' packet) somewhere online or even send it to the list (if its small and you only select a couple of packets, you can attach it).
--
- Harald Welte laforge@gnumonks.org
============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)
In the attached file there are 5 malformed packets and 2 unknow packets.
just to make it clear: this pcap was generated using bsc_hack's pcap option, correct? it seems like sometimes we write truncated packets to that file.
There is a different method, using mISDN's debug tool (see http://www.misdn.org/index.php/Debugtool). I think if somebody can confirm this method works, i.e. use mISDNdebugtool to write a 'dumpfile' and then open that with wireshark, then we can actually remove the pcap code from OpenBSC altogether.
Would you mind trying that method and report if you still see broken/unknown packets?
Thanks!
2009/7/15 Harald Welte laforge@gnumonks.org
On Wed, Jul 15, 2009 at 11:06:48AM +0200, Eric Cathelinaud wrote:
2009/7/10 Harald Welte laforge@gnumonks.org
On Fri, Jul 10, 2009 at 12:29:47PM +0200, Eric Cathelinaud wrote:
Well i still have sometimes this error message. I have it when I
attach a
mobile on the network. I saw 2 "unknow" packets comes from the Remote Network to the Remote
User
during the attach process. Their size are quite small. I join in attached file a screen of my results.
it would help if you can put the pcap file (with at least one good and
one
'bad' packet) somewhere online or even send it to the list (if its
small
and you only select a couple of packets, you can attach it).
--
- Harald Welte laforge@gnumonks.org
============================================================================
"Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch.
A6)
In the attached file there are 5 malformed packets and 2 unknow packets.
just to make it clear: this pcap was generated using bsc_hack's pcap option, correct? it seems like sometimes we write truncated packets to that file.
There is a different method, using mISDN's debug tool (see http://www.misdn.org/index.php/Debugtool). I think if somebody can confirm this method works, i.e. use mISDNdebugtool to write a 'dumpfile' and then open that with wireshark, then we can actually remove the pcap code from OpenBSC altogether.
Would you mind trying that method and report if you still see broken/unknown packets?
Thanks!
- Harald Welte laforge@gnumonks.org
============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)
Ok i will try it and tell u ;-)
Thanks
Eric Cathelinaud
2009/7/15 Eric Cathelinaud e.cathelinaud@googlemail.com
2009/7/15 Harald Welte laforge@gnumonks.org
On Wed, Jul 15, 2009 at 11:06:48AM +0200, Eric Cathelinaud wrote:
2009/7/10 Harald Welte laforge@gnumonks.org
On Fri, Jul 10, 2009 at 12:29:47PM +0200, Eric Cathelinaud wrote:
Well i still have sometimes this error message. I have it when I
attach a
mobile on the network. I saw 2 "unknow" packets comes from the Remote Network to the Remote
User
during the attach process. Their size are quite small. I join in attached file a screen of my results.
it would help if you can put the pcap file (with at least one good and
one
'bad' packet) somewhere online or even send it to the list (if its
small
and you only select a couple of packets, you can attach it).
--
- Harald Welte laforge@gnumonks.org
============================================================================
"Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7
Ch. A6)
In the attached file there are 5 malformed packets and 2 unknow packets.
just to make it clear: this pcap was generated using bsc_hack's pcap option, correct? it seems like sometimes we write truncated packets to that file.
There is a different method, using mISDN's debug tool (see http://www.misdn.org/index.php/Debugtool). I think if somebody can confirm this method works, i.e. use mISDNdebugtool to write a 'dumpfile' and then open that with wireshark, then we can actually remove the pcap code from OpenBSC altogether.
Would you mind trying that method and report if you still see broken/unknown packets?
Thanks!
- Harald Welte laforge@gnumonks.org
============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)
Ok i will try it and tell u ;-)
Thanks
Eric Cathelinaud
And yes the pcap file was coming from bsc_hack's pcap option
2009/7/15 Eric Cathelinaud e.cathelinaud@googlemail.com
2009/7/15 Eric Cathelinaud e.cathelinaud@googlemail.com
2009/7/15 Harald Welte laforge@gnumonks.org
On Wed, Jul 15, 2009 at 11:06:48AM +0200, Eric Cathelinaud wrote:
2009/7/10 Harald Welte laforge@gnumonks.org
On Fri, Jul 10, 2009 at 12:29:47PM +0200, Eric Cathelinaud wrote:
Well i still have sometimes this error message. I have it when I
attach a
mobile on the network. I saw 2 "unknow" packets comes from the Remote Network to the
Remote User
during the attach process. Their size are quite small. I join in attached file a screen of my results.
it would help if you can put the pcap file (with at least one good
and one
'bad' packet) somewhere online or even send it to the list (if its
small
and you only select a couple of packets, you can attach it).
--
- Harald Welte laforge@gnumonks.org
============================================================================
"Privacy in residential applications is a desirable marketing
option."
(ETSI EN 300 175-7Ch. A6)
In the attached file there are 5 malformed packets and 2 unknow
packets.
just to make it clear: this pcap was generated using bsc_hack's pcap option, correct? it seems like sometimes we write truncated packets to that file.
There is a different method, using mISDN's debug tool (see http://www.misdn.org/index.php/Debugtool). I think if somebody can confirm this method works, i.e. use mISDNdebugtool to write a 'dumpfile' and then open that with wireshark, then we can actually remove the pcap code from OpenBSC altogether.
Would you mind trying that method and report if you still see broken/unknown packets?
Thanks!
- Harald Welte laforge@gnumonks.org
============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)
Ok i will try it and tell u ;-)
Thanks
Eric Cathelinaud
And yes the pcap file was coming from bsc_hack's pcap option
Hi,
I encounter problems using the debugtool from misdn. I tried to follow the setup : Setup
1. Install the latest mISDN and mISDNuser. On how to obtain the sources, see GIT http://www.misdn.org/index.php/GIT. 2. Configure the mISDN kernel modules. On how to do that, see Installing_mISDN http://www.misdn.org/index.php/Installing_mISDN and Configuring_mISDN http://www.misdn.org/index.php/Configuring_mISDN. 3. Add the following line to you /etc/mISDN.conf: <module>mISDN_debugtool</module> 4. Load the mISDN kernel modules via: mISDN start 5. Enable the debugging facility (this is done automagically by mISDNdebugtool if started with no -n parameter): echo 1 > /sys/class/mISDN-debugtool/enabled 6. Validate your setup by running the mISDNdebugtool user space program to capture all packets transmitted by the mISDNdebugtool kernel module and log them to stdout: mISDNdebugtool -v
But on step 3, I don't see the file mISDN.conf in /etc/ I can find it in the git but not complete like I can see on this link : http://www.misdn.org/index.php/Configuring_mISDN I only have the <mISDNconf> ... </mISDNconf> section.
In addition, I can t use any command from mISDN like mISDN start, mISDN scan and so on. In my kernel, I put mISDN as modular and I need to load them at each reboot as follow to enable dslot=1 : rmmod mISDN_core hfcmulti modprobe mISDN_core modprobe hfcmulti dslot=1
I still tried to compile the mISDN-debugtool. But in /sys/class i have only a repertory for mISDN and nothing for mISDN-debugtool. The file enabled doesn't exist too. But i think it's just a file with a "1" inside. So i created it.
Now when i launch mISDNdebugtool -v it works but doesn't capture anything and even doesn't create any file. I think I have a problem since I didn't start the module mISDN_debugtool via mISDN.conf. (step 3 & 4)
Thanks
Eric Cathelinaud
Hello guys,
I captured some data traffic between nanobts and openbsc with tcpdump and opened the pcap file in Wireshark under windows, as I don't have GUI on my Linux box (just a commandline shell). But unfortunately I can't get the data parsed in Abis mesaages.
I downloaded the latest developer's Wireshark 1.1.3, with no result. I know it's easy asking for an Abis-parser, but I thought there was a patch for it.
Thank you.
On Monday 27 July 2009 14:11:56 Nordin wrote:
Hello guys,
I captured some data traffic between nanobts and openbsc with tcpdump and opened the pcap file in Wireshark under windows, as I don't have GUI on my Linux box (just a commandline shell). But unfortunately I can't get the data parsed in Abis mesaages.
I downloaded the latest developer's Wireshark 1.1.3, with no result. I know it's easy asking for an Abis-parser, but I thought there was a patch for it.
Get the latest svn version. Compile it. Use tshark in case you don't have a GUI....
z.
Thanks,
But I'll check if Eric gets a complete view first.
Holger Freyther schreef:
On Monday 27 July 2009 14:11:56 Nordin wrote:
Hello guys,
I captured some data traffic between nanobts and openbsc with tcpdump and opened the pcap file in Wireshark under windows, as I don't have GUI on my Linux box (just a commandline shell). But unfortunately I can't get the data parsed in Abis mesaages.
I downloaded the latest developer's Wireshark 1.1.3, with no result. I know it's easy asking for an Abis-parser, but I thought there was a patch for it.
Get the latest svn version. Compile it. Use tshark in case you don't have a GUI....
z.
Hi Nordin,
Do you think it's coming from Wireshark? If you can send the pcap file, I can check with wireshark 1.0.8 on debian and let you know. It works fine for me.
Eric
Hi Eric,
This is what I get: http://picasaweb.google.com/Bouchtaoui/ComputerScienceAndTelecommunication#5...
Eric Cathelinaud schreef:
Hi Nordin,
Do you think it's coming from Wireshark? If you can send the pcap file, I can check with wireshark 1.0.8 on debian and let you know. It works fine for me.
Eric
-
Eric Cathelinaud -
Harald Welte -
Holger Freyther -
Nordin