9 Jul
2009
9 Jul
'09
4:23 p.m.
Hi,
I am trying to deal with wireshark to understand what happening in each
function in the code.
It says that the file seems to be corrupted:
"The capture files appears to be damaged or corrupted. (libpcap: LAPD file
has a 15-byte packet, too small to have even a LAPD pseudo-header)"
Is it a problem?
I still can read the Abis communication.
I saw that some rsl packets are malformed. Is it coming from a missing
implementation in the code that need to be fixed?
Thanks
Eric
9 Jul
9 Jul
8:20 p.m.
On Thursday 09 July 2009 16:23:09 Eric Cathelinaud wrote:
Hi,
I am trying to deal with wireshark to understand what happening in each
function in the code.
It says that the file seems to be corrupted:
"The capture files appears to be damaged or corrupted. (libpcap: LAPD file
has a 15-byte packet, too small to have even a LAPD pseudo-header)"
which file is that? anything you recorded? recorded with what?
z.
11:02 p.m.
hi,
I used the option in the command line : ./bsc_hack -p something.pcap
http://bs11-abis.gnumonks.org/trac/wiki/PacketDump
Then I opened it with wireshark.
Eric Cathelinaud
2009/7/9 Holger Freyther <zecke(a)selfish.org>
On Thursday 09 July 2009 16:23:09 Eric Cathelinaud
wrote:
Hi,
I am trying to deal with wireshark to understand what happening in each
function in the code.
It says that the file seems to be corrupted:
"The capture files appears to be damaged or corrupted. (libpcap: LAPD
file
has a 15-byte packet, too small to have even a
LAPD pseudo-header)"
which file is that? anything you recorded? recorded with what?
z.
10 Jul
10 Jul
2:49 a.m.
On Thursday 09 July 2009 23:02:44 Eric Cathelinaud wrote:
hi,
I used the option in the command line : ./bsc_hack -p something.pcap
http://bs11-abis.gnumonks.org/trac/wiki/PacketDump
leaves only the type of the BTS... which I assume will be nanoBTS... and then
I will have to tell you that it doesn't work for the nanoBTS and that the
better alternative is to use harald's work in progress wireshark plugin.
would you find the time to update the PacketDump wiki site?
z.
10:11 a.m.
2009/7/10 Holger Freyther <zecke(a)selfish.org>
On Thursday 09 July 2009 23:02:44 Eric Cathelinaud
wrote:
hi,
I used the option in the command line : ./bsc_hack -p something.pcap
http://bs11-abis.gnumonks.org/trac/wiki/PacketDump
leaves only the type of the BTS... which I assume will be nanoBTS... and
then
I will have to tell you that it doesn't work for the nanoBTS and that the
better alternative is to use harald's work in progress wireshark plugin.
would you find the time to update the PacketDump wiki site?
z.
Yes sure but I am not using a nanoBTS, I am using the bs11.
Eric Cathelinaud
11:05 a.m.
2009/7/10 Eric Cathelinaud <e.cathelinaud(a)googlemail.com>
2009/7/10 Holger Freyther <zecke(a)selfish.org>
On Thursday 09 July 2009 23:02:44 Eric Cathelinaud wrote:
Well I have no more problem when opening the pcap files.
I had no problem with the files on the wiki, only with the file i was
generating.
But now it's working fine also, the reboot solved my problem. Dunno what
happened exactly.
Eric Cathelinaud
hi,
I used the option in the command line : ./bsc_hack -p something.pcap
http://bs11-abis.gnumonks.org/trac/wiki/PacketDump
leaves only the type of the BTS... which I assume will be nanoBTS... and
then
I will have to tell you that it doesn't work for the nanoBTS and that the
better alternative is to use harald's work in progress wireshark plugin.
would you find the time to update the PacketDump wiki site?
z.
Yes sure but I am not using a nanoBTS, I am using the bs11.
Eric Cathelinaud
12:29 p.m.
2009/7/10 Eric Cathelinaud <e.cathelinaud(a)googlemail.com>
2009/7/10 Eric Cathelinaud
<e.cathelinaud(a)googlemail.com>
2009/7/10 Holger Freyther <zecke(a)selfish.org>
Well i still have sometimes this error message. I have it when I attach a
mobile on the network.
I saw 2 "unknow" packets comes from the Remote Network to the Remote User
during the attach process. Their size are quite small.
I join in attached file a screen of my results.
Eric Cathelinaud
On Thursday 09 July 2009 23:02:44 Eric Cathelinaud wrote:
Well I have no more problem when opening the pcap files.
I had no problem with the files on the wiki, only with the file i was
generating.
But now it's working fine also, the reboot solved my problem. Dunno what
happened exactly.
Eric Cathelinaud hi,
I used the option in the command line : ./bsc_hack -p something.pcap
http://bs11-abis.gnumonks.org/trac/wiki/PacketDump
leaves only the type of the BTS... which I assume will be nanoBTS... and
then
I will have to tell you that it doesn't work for the nanoBTS and that the
better alternative is to use harald's work in progress wireshark plugin.
would you find the time to update the PacketDump wiki site?
z.
Yes sure but I am not using a nanoBTS, I am using the bs11.
Eric Cathelinaud
6:58 p.m.
On Fri, Jul 10, 2009 at 12:29:47PM +0200, Eric Cathelinaud wrote:
Well i still have sometimes this error message. I have
it when I attach a
mobile on the network.
I saw 2 "unknow" packets comes from the Remote Network to the Remote User
during the attach process. Their size are quite small.
I join in attached file a screen of my results.
it would help if you can put the pcap file (with at least one good and one
'bad' packet) somewhere online or even send it to the list (if its small and you
only select a couple of packets, you can attach it).
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
15 Jul
15 Jul
11:06 a.m.
2009/7/10 Harald Welte <laforge(a)gnumonks.org>
On Fri, Jul 10, 2009 at 12:29:47PM +0200, Eric
Cathelinaud wrote:
In the attached file there are 5 malformed packets and 2 unknow packets.
Thanks
Eric Cathelinaud
Well i still have sometimes this error message. I
have it when I attach a
mobile on the network.
I saw 2 "unknow" packets comes from the Remote Network to the Remote User
during the attach process. Their size are quite small.
I join in attached file a screen of my results.
it would help if you can put the pcap file (with at least one good and one
'bad' packet) somewhere online or even send it to the list (if its small
and you only select a couple of packets, you can attach it).
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
8:46 p.m.
On Wed, Jul 15, 2009 at 11:06:48AM +0200, Eric Cathelinaud wrote:
2009/7/10 Harald Welte <laforge(a)gnumonks.org>
just to make it clear: this pcap was generated using bsc_hack's pcap option,
correct? it seems like sometimes we write truncated packets to that file.
There is a different method, using mISDN's debug tool (see
http://www.misdn.org/index.php/Debugtool). I think if somebody can confirm
this method works, i.e. use mISDNdebugtool to write a 'dumpfile' and then open
that with wireshark, then we can actually remove the pcap code from OpenBSC
altogether.
Would you mind trying that method and report if you still see broken/unknown
packets?
Thanks!
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
On Fri, Jul 10, 2009 at 12:29:47PM +0200, Eric
Cathelinaud wrote:
In the attached file there are 5 malformed packets and 2 unknow packets. Well i still have sometimes this error message. I
have it when I attach a
mobile on the network.
I saw 2 "unknow" packets comes from the Remote Network to the Remote User
during the attach process. Their size are quite small.
I join in attached file a screen of my results.
it would help if you can put the pcap file (with at least one good and one
'bad' packet) somewhere online or even send it to the list (if its small
and you only select a couple of packets, you can attach it).
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
11:17 p.m.
2009/7/15 Harald Welte <laforge(a)gnumonks.org>
On Wed, Jul 15, 2009 at 11:06:48AM +0200, Eric
Cathelinaud wrote:
In the attached file there are 5 malformed packets and 2 unknow packets.
just to make it clear: this pcap was generated using bsc_hack's pcap
option,
correct? it seems like sometimes we write truncated packets to that file.
There is a different method, using mISDN's debug tool (see
http://www.misdn.org/index.php/Debugtool). I think if somebody can
confirm
this method works, i.e. use mISDNdebugtool to write a 'dumpfile' and then
open
that with wireshark, then we can actually remove the pcap code from OpenBSC
altogether.
Would you mind trying that method and report if you still see
broken/unknown
packets?
Thanks!
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Ok i will try it and tell u ;-)
Thanks
Eric Cathelinaud
2009/7/10 Harald Welte
<laforge(a)gnumonks.org>
> On Fri, Jul 10, 2009 at 12:29:47PM +0200, Eric Cathelinaud wrote:
> > Well i still have sometimes this error message. I have it when I
attach
a
> > mobile on the network.
> > I saw 2 "unknow" packets comes from the Remote Network to the Remote
User
> > during the attach process. Their size
are quite small.
> > I join in attached file a screen of my results.
>
> it would help if you can put the pcap file (with at least one good and
one
> 'bad' packet) somewhere online or
even send it to the list (if its
small
> and you only select a couple of packets, you
can attach it).
>
> --
> - Harald Welte <laforge(a)gnumonks.org>
> http://laforge.gnumonks.org/
>
>
============================================================================
> "Privacy in residential applications is
a desirable marketing option."
> (ETSI EN 300 175-7 Ch.
A6)
11:18 p.m.
2009/7/15 Eric Cathelinaud <e.cathelinaud(a)googlemail.com>
2009/7/15 Harald Welte <laforge(a)gnumonks.org>
And yes the pcap file was coming from bsc_hack's pcap option
On Wed, Jul 15, 2009 at 11:06:48AM +0200, Eric
Cathelinaud wrote:
In the attached file there are 5 malformed packets and 2 unknow packets.
just to make it clear: this pcap was generated using bsc_hack's pcap
option,
correct? it seems like sometimes we write truncated packets to that file.
There is a different method, using mISDN's debug tool (see
http://www.misdn.org/index.php/Debugtool). I think if somebody can
confirm
this method works, i.e. use mISDNdebugtool to write a 'dumpfile' and then
open
that with wireshark, then we can actually remove the pcap code from
OpenBSC
altogether.
Would you mind trying that method and report if you still see
broken/unknown
packets?
Thanks!
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch.
A6)
Ok i will try it and tell u ;-)
Thanks
Eric Cathelinaud
2009/7/10 Harald Welte
<laforge(a)gnumonks.org>
> On Fri, Jul 10, 2009 at 12:29:47PM +0200, Eric Cathelinaud wrote:
> > Well i still have sometimes this error message. I have it when I
attach
a
> > mobile on the network.
> > I saw 2 "unknow" packets comes from the Remote Network to the Remote
User
> > during the attach process. Their size
are quite small.
> > I join in attached file a screen of my results.
>
> it would help if you can put the pcap file (with at least one good and
one
> 'bad' packet) somewhere online or
even send it to the list (if its
small
> and you only select a couple of packets, you
can attach it).
>
> --
> - Harald Welte <laforge(a)gnumonks.org>
> http://laforge.gnumonks.org/
>
>
============================================================================
> "Privacy in residential applications is
a desirable marketing option."
> (ETSI EN 300 175-7
Ch. A6)
17 Jul
17 Jul
5:59 p.m.
2009/7/15 Eric Cathelinaud <e.cathelinaud(a)googlemail.com>
2009/7/15 Eric Cathelinaud
<e.cathelinaud(a)googlemail.com>
2009/7/15 Harald Welte <laforge(a)gnumonks.org>
And yes the pcap file was coming from bsc_hack's pcap option
Hi,
I encounter problems using the debugtool from misdn.
I tried to follow the setup :
Setup
1. Install the latest mISDN and mISDNuser. On how to obtain the sources,
see GIT <http://www.misdn.org/index.php/GIT>.
2. Configure the mISDN kernel modules. On how to do that, see
Installing_mISDN <http://www.misdn.org/index.php/Installing_mISDN> and
Configuring_mISDN <http://www.misdn.org/index.php/Configuring_mISDN>.
3. Add the following line to you /etc/mISDN.conf:
<module>mISDN_debugtool</module>
4. Load the mISDN kernel modules via: mISDN start
5. Enable the debugging facility (this is done automagically by
mISDNdebugtool if started with no -n parameter): echo 1 >
/sys/class/mISDN-debugtool/enabled
6. Validate your setup by running the mISDNdebugtool user space program
to capture all packets transmitted by the mISDNdebugtool kernel module and
log them to stdout: mISDNdebugtool -v
But on step 3, I don't see the file mISDN.conf in /etc/
I can find it in the git but not complete like I can see on this link :
http://www.misdn.org/index.php/Configuring_mISDN
I only have the <mISDNconf> ... </mISDNconf> section.
In addition, I can t use any command from mISDN like mISDN start, mISDN scan
and so on.
In my kernel, I put mISDN as modular and I need to load them at each reboot
as follow to enable dslot=1 :
rmmod mISDN_core hfcmulti
modprobe mISDN_core
modprobe hfcmulti dslot=1
I still tried to compile the mISDN-debugtool.
But in /sys/class i have only a repertory for mISDN and nothing for
mISDN-debugtool. The file enabled doesn't exist too. But i think it's just a
file with a "1" inside. So i created it.
Now when i launch mISDNdebugtool -v it works but doesn't capture anything
and even doesn't create any file.
I think I have a problem since I didn't start the module mISDN_debugtool via
mISDN.conf. (step 3 & 4)
Thanks
Eric Cathelinaud
On Wed, Jul 15, 2009 at 11:06:48AM +0200, Eric
Cathelinaud wrote:
Ok i will try it and tell u ;-)
Thanks
Eric Cathelinaud
2009/7/10 Harald Welte
<laforge(a)gnumonks.org>
> On Fri, Jul 10, 2009 at 12:29:47PM +0200, Eric Cathelinaud wrote:
> > Well i still have sometimes this error message. I have it when I
attach
a
> > mobile on the network.
> > I saw 2 "unknow" packets comes from the Remote Network to the
Remote User
> > during the attach process. Their size
are quite small.
> > I join in attached file a screen of my results.
>
> it would help if you can put the pcap file (with at least one good
and one
> 'bad' packet) somewhere online or
even send it to the list (if its
small
> and you only select a couple of packets, you
can attach it).
>
> --
> - Harald Welte <laforge(a)gnumonks.org>
> http://laforge.gnumonks.org/
>
>
============================================================================
> "Privacy in residential applications is
a desirable marketing
option."
>
(ETSI EN 300 175-7
Ch. A6)
>
In the attached file there are 5 malformed packets and 2 unknow
packets.
just to make it clear: this pcap was generated using bsc_hack's pcap
option,
correct? it seems like sometimes we write truncated packets to that
file.
There is a different method, using mISDN's debug tool (see
http://www.misdn.org/index.php/Debugtool). I think if somebody can
confirm
this method works, i.e. use mISDNdebugtool to write a 'dumpfile' and then
open
that with wireshark, then we can actually remove the pcap code from
OpenBSC
altogether.
Would you mind trying that method and report if you still see
broken/unknown
packets?
Thanks!
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch.
A6)
27 Jul
27 Jul
2:11 p.m.
Hello guys,
I captured some data traffic between nanobts and openbsc with tcpdump
and opened the pcap file in Wireshark under windows, as I don't have GUI
on my Linux box (just a commandline shell). But unfortunately I can't
get the data parsed in Abis mesaages.
I downloaded the latest developer's Wireshark 1.1.3, with no result. I
know it's easy asking for an Abis-parser, but I thought there was a
patch for it.
Thank you.
12:31 p.m.
On Monday 27 July 2009 14:11:56 Nordin wrote:
Hello guys,
I captured some data traffic between nanobts and openbsc with tcpdump
and opened the pcap file in Wireshark under windows, as I don't have GUI
on my Linux box (just a commandline shell). But unfortunately I can't
get the data parsed in Abis mesaages.
I downloaded the latest developer's Wireshark 1.1.3, with no result. I
know it's easy asking for an Abis-parser, but I thought there was a
patch for it.
Get the latest svn version. Compile it. Use tshark in case you don't have a
GUI....
z.
2:56 p.m.
Thanks,
But I'll check if Eric gets a complete view first.
Holger Freyther schreef:
On Monday 27 July 2009 14:11:56 Nordin wrote:
Hello guys,
I captured some data traffic between nanobts and openbsc with tcpdump
and opened the pcap file in Wireshark under windows, as I don't have GUI
on my Linux box (just a commandline shell). But unfortunately I can't
get the data parsed in Abis mesaages.
I downloaded the latest developer's Wireshark 1.1.3, with no result. I
know it's easy asking for an Abis-parser, but I thought there was a
patch for it.
Get the latest svn version. Compile it. Use tshark in case you don't have a
GUI....
z.
2:33 p.m.
Hi Nordin,
Do you think it's coming from Wireshark?
If you can send the pcap file, I can check with wireshark 1.0.8 on debian
and let you know. It works fine for me.
Eric
2:54 p.m.
Hi Eric,
This is what I get:
http://picasaweb.google.com/Bouchtaoui/ComputerScienceAndTelecommunication#…
Eric Cathelinaud schreef:
Hi Nordin,
Do you think it's coming from Wireshark?
If you can send the pcap file, I can check with wireshark 1.0.8 on debian
and let you know. It works fine for me.
Eric
5394
days inactive
5412
days old
17 comments
4 participants
participants (4)
-
Eric Cathelinaud -
Harald Welte -
Holger Freyther -
Nordin