Thank you very much!!
I will have some work getting through this, but I reckon I'll have some more
questions later.
Again thank you
2016-03-01 12:39 GMT+01:00 Neels Hofmeyr <nhofmeyr(a)sysmocom.de>:
On Tue, Mar 01, 2016 at 11:12:01AM +0100, Terje Kristoffer Hybbestad Skow wrote:
The "logfile /tmp/foo" did give an error message saying "unrecognized
option".
It seems the logfile option was added on 2014-03-23 with commit
9c0ff4fafe4276396125a52c89d36967566fe08c. It may make sense if you build
your osmocom stack from the git sources to benefit from the latest fixes.
See http://git.osmocom.org, specifically you'd probably want to clone and
build
git://git.osmocom.org/libosmocore
git://git.osmocom.org/openggsn
The build steps being for example
autoreconf -fi
./configure
make
sudo make install
I'm going to look at DNS packets going through a GGSN to try and find ways
to detect DNS tunnels, do you have any recommendations how to do this?
I do not have the time or resources to use real UE's so I hope to simulate
it on a computer using VMs or something like that.
as
The BTS is for communicating with a phone over the air interface. Abis and
osmo-nitb are used for voice calls only. The SGSN is needed for real
networks, you should be fine with the sgsnemu. So all you need is sgsnemu
and openggsn.
You want to figure out how to use the sgsnemu, starting with a route into
the tunnel device that sgsnemu opens up. So you need to look at the
'ip route' commands (if you're on linux). I guess you won't need VMs;
granted, it might make it easier to avoid circular routes (to IP addresses
that should only be seen on the GGSN side), but certainly not a necessary
prerequisite.
I tried to ping through the sgsnemu tunnel once but saw, as I mentioned,
that the GGSN thwarts GTP messages without a proper context being created
first. It shouldn't be too hard, but I haven't investigated further. So
you'd want to understand the GTP Ctrl & User messages to set up a PGP
context (TEIs and stuff), and figure out how sgsnemu might make your life
easier in that regard.
You probably want to read ETSI 29.060 to figure out GTP:
http://www.etsi.org/deliver/etsi_ts/129000_129099/129060/03.19.00_60/ts_129…
You may find attached pcap file interesting (open in wireshark and note
that the DNS queries are transmitted over GTP between SGSN and GGSN even
though wireshark tends to show only the DNS and src/dest enclosed in the
GTP).
And again, you may look at
http://git.osmocom.org/openbsc/tree/openbsc/tests/gtphub/gtphub_test.c
about simplistic code examples of composing a PGP context conversation.
If you'd like any more answers to questions you didn't ask ;)
just give us a shout...
~Neels
--
- Neels Hofmeyr <nhofmeyr(a)sysmocom.de>
http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschäftsführer / Managing Directors: Holger Freyther, Harald Welte
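
The thread notes that DNS queries travel inside GTP between SGSN and GGSN. As an added example (not part of the original thread and not osmocom code), this Python sketch unwraps a GTPv1-U G-PDU as laid out in TS 29.060, pulls the DNS question name from the inner IPv4/UDP packet, and computes one possible tunnel-detection input, the entropy of the longest label. The function names, the entropy heuristic and the sample packet builder are assumptions made for illustration.

```python
import math
import struct
from collections import Counter

def inner_packet(gtp: bytes):
    """Return the user IP packet carried in a GTPv1-U G-PDU, else None."""
    if len(gtp) < 8:
        return None
    flags, mtype, length, _teid = struct.unpack("!BBHI", gtp[:8])
    if flags >> 5 != 1 or not flags & 0x10 or mtype != 0xFF:
        return None                      # not GTPv1, not GTP, or not a G-PDU
    end = 8 + length                     # length counts everything after octet 8
    off = 12 if flags & 0x07 else 8      # E, S or PN set: 4 optional octets
    nxt = gtp[11] if flags & 0x04 and len(gtp) >= 12 else 0
    while nxt:                           # walk extension headers (4-octet units)
        if off >= len(gtp) or gtp[off] == 0:
            return None
        off += gtp[off] * 4
        nxt = gtp[off - 1] if off <= len(gtp) else 0
    return gtp[off:end] if off <= end <= len(gtp) else None

def dns_qname(ip: bytes):
    """Return the first DNS question name of an IPv4/UDP packet to port 53."""
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 17:
        return None
    udp = ip[(ip[0] & 0x0F) * 4:]
    if len(udp) < 20 or struct.unpack("!H", udp[2:4])[0] != 53:
        return None
    pos, labels = 20, []                 # 8 octets UDP + 12 octets DNS header
    while pos < len(udp) and (n := udp[pos]):
        if n > 63 or pos + 1 + n > len(udp):
            return None                  # compression pointer or truncated label
        labels.append(udp[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels)

def label_entropy(name: str) -> float:
    """Shannon entropy in bits/char of the longest label (heuristic input only)."""
    label = max(name.split("."), key=len)
    return -sum(c / len(label) * math.log2(c / len(label))
                for c in Counter(label).values())

def sample_gpdu(qname: str, teid: int = 0x1234) -> bytes:
    """Constructed input: DNS query in IPv4/UDP in a G-PDU with the S flag set."""
    q = b"".join(bytes([len(lab)]) + lab.encode() for lab in qname.split(".")) + b"\0"
    dns = struct.pack("!6H", 1, 0x0100, 1, 0, 0, 0) + q + struct.pack("!2H", 1, 1)
    udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
    ip = b"\x45\0" + struct.pack("!H", 20 + len(udp)) + bytes(5) + b"\x11" + bytes(10) + udp
    return struct.pack("!BBHIHBB", 0x32, 0xFF, 4 + len(ip), teid, 7, 0, 0) + ip
```

Feed `inner_packet` the UDP payload of packets on the GTP-U port (2152) from a capture taken between sgsnemu and openggsn; any threshold on name length or entropy has to be tuned against your own normal traffic.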