= PCAP and protocol analysis =
pcap is a data format for captured packets of communication protocols.

It is used by a library called libpcap, which in turn is used by popular network protocol analyzer projects such as tcpdump and wireshark.

In the Ethernet/Internet world, you typically capture packets from your ethernet card using RAW sockets and promiscuous mode.

With GSM protocols such as A-bis, it is obviously not that simple - since they are at least traditionally not transported over IP.

= Recording and viewing A-bis communication =

== Recording ==

=== Method 1: [wiki:osmo-nitb] PCAP option (obsolete) ===

The [wiki:osmo-nitb] application inside openbsc provides a command line option to automatically create a PCAP file. The resulting dump is only a subset of what is actually transmitted over the wire. Currently only Link Access Protocol D-Channel (LAPD) messages are logged, the actual LAPD header is spoofed and only the TEI and SAPI information is invalid. This is mostly due to mISDN not providing us with a LAPD header/frame and the encapsulation we use for wiretap/pcap. In the future there might be a dedicated encapsulation type for the complete mISDN traffic.

To write the protocol dump simply invoke [wiki:osmo-nitb]:
{{{
./osmo-nitb -p networking.pcap
}}}

=== Method 2: Using misdn_log ===

This is the preferred method in case you are using the mISDN input driver for OpenBSC, e.g. with a BS-11 BTS.

In order to obtain an A-bis capture and save it in a pcap file, please use the ''misdn_log'' tool (part of mISDNuser) in the following way:
{{{
misdn_log -c0 -w networking.pcap
}}}

Please make sure to '''first start [wiki:osmo-nitb]''' and only then start ''misdn_log''.

=== Method 3: Using tcpdump ===

If you're using an ''A-bis over IP'' based BTS such as the [nanoBTS], then you can use a regular tool like tcpdump to create a pcap file:
{{{
tcpdump -ni eth0 -s 0 -w networking.pcap
}}}
where ''eth0'' is the name of the network device connected to the same network as the nanoBTS.
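A quick sanity check for a capture written by any of the methods above, as an added example that is not part of the original page or of the OpenBSC code: it reads the pcap global header and the per-packet record headers, reports the link-layer type, and counts packets cut short by the snapshot length (which `-s 0` in the tcpdump command avoids). The function names and the sample capture are constructed for illustration; the link-type numbers are taken from the tcpdump.org link-type registry.

```python
import io
import struct

# Link-layer types from the tcpdump.org registry (subset relevant here).
LINKTYPES = {1: "ETHERNET", 177: "LINUX_LAPD", 203: "LAPD"}
# Classic pcap magic (microsecond timestamps) as it appears in each byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}


def summarize_pcap(stream):
    """Return link type, snaplen, packet count and truncated-packet count."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian = MAGICS[header[:4]]
    # version major/minor, thiszone, sigfigs, snaplen, link-layer type
    _major, _minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        endian + "HHiIII", header[4:])
    packets = truncated = 0
    while True:
        record = stream.read(16)
        if not record:
            break
        if len(record) < 16:
            raise ValueError("file ends inside a record header")
        _sec, _usec, incl_len, orig_len = struct.unpack(endian + "IIII", record)
        if len(stream.read(incl_len)) < incl_len:
            raise ValueError("file ends inside packet data")
        packets += 1
        # incl_len < orig_len means the capture kept only part of the frame.
        truncated += incl_len < orig_len
    return {"linktype": LINKTYPES.get(network, str(network)),
            "snaplen": snaplen, "packets": packets, "truncated": truncated}


def build_sample(snaplen=65535):
    """Constructed two-packet Ethernet capture; payload bytes are filler."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for orig_len in (60, 200):
        incl_len = min(orig_len, snaplen)
        out += struct.pack("<IIII", 0, 0, incl_len, orig_len) + bytes(incl_len)
    return out


if __name__ == "__main__":
    print(summarize_pcap(io.BytesIO(build_sample())))     # full-length capture
    print(summarize_pcap(io.BytesIO(build_sample(96))))   # snaplen of 96 bytes
```

To check a real file, pass `open("networking.pcap", "rb")` to `summarize_pcap`; a non-zero `truncated` count means the dissectors will not see complete frames.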

== Viewing ==

Wireshark already provides dissectors for the various protocols we use (LAPD, RSL, GSM-A, GSM-SMS...). The LAPD protocol dissector needs some minor configuration though. Go to Edit -> Preferences -> Protocols -> LAPD and check the checkbox saying "Use GSM Sapi Values", or alternatively apply the patch that is found in the wireshark directory of our git repository. This will be submitted for inclusion into wireshark soon.

Afterwards wireshark will be able to display a lot of the A-bis protocol. There are some glitches in the protocol analysis, some missing features and dissection of OML is completely missing.

We recommend you to build wireshark from the latest source code. Also, only the most recent wireshark development versions contain a dissector for the ''ip.access A-bis over IP protocol''.

=== A-bis OML dissector ===

To add a dissector for the GSM 12.21 A-bis Organization and Maintenance Layer (OML), you can use the ''abis_oml.patch'' file from the wireshark directory of our git repository.

== Dumps for you ==

Here are some dumps that might be useful. Make sure that you only provide data from your own network and equipment (no IMSI/IMEI you do not know).