
Cisco ITP in eServGlobal IN

Wireshark with SS7 and Sigtran


PS and Support Internal Training
Diegem
Dennis Hagarty
Implementation Practice

6 September 2006

2006 eServGlobal Ltd

Wireshark and SS7

Wireshark can dissect SS7 as well as SS7oIP (Sigtran)

MTP3 or SCCP captures can be read

I have a script to turn ITP MTP3 debug output into PCAP format
with fake PCAP headers and it looks like captured MTP3
We have two traces:

Wireshark Sample SS7 UM.pcap with MTP3 traces from an ITP

Wireshark Sample Sigtran KP.pcap with Sigtran traces from a UAS

The first is mobile and the second is wireline

Start with the first one, and read it into Wireshark

Wireshark knows that it's SS7, see the MTP3 headers?

What do you see? Why isn't it displaying things properly?

Wireshark with SS7 | 2 | 2006 eServGlobal
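
The debug-to-PCAP script mentioned above is not included in these slides. As an added example (not the author's script), this Python code wraps raw MTP3 MSUs in PCAP headers using libpcap link type 141 (MTP3) and decodes the ITU routing label, showing the same point code as a plain number and in 3-8-3 form. The one-hex-MSU-per-line input format, the sample bytes and all function names are assumptions made for illustration; the real ITP debug output format is not shown on this page.

```python
import struct

LINKTYPE_MTP3 = 141  # libpcap link type: raw MTP3, no MTP2 header

# Constructed sample input: SIO, 4-byte ITU routing label, then filler
# bytes that are NOT valid SCCP/ISUP payloads.
SAMPLE = """
83 64 00 32 50 01 02 03
85 09 88 04 34 0a 0b
"""

def parse_hex_lines(text):
    """One MSU per non-empty line, hex encoded (assumed input format)."""
    return [bytes.fromhex(l) for l in text.splitlines() if l.strip()]

def itu_routing_label(msu):
    """Decode the SIO and the ITU label: 14-bit DPC, 14-bit OPC, 4-bit SLS."""
    if len(msu) < 5:
        raise ValueError("MSU too short for SIO + ITU routing label")
    sio = msu[0]
    label = int.from_bytes(msu[1:5], "little")
    return {
        "si": sio & 0x0F,   # service indicator: 3 = SCCP, 5 = ISUP
        "ni": sio >> 6,     # network indicator
        "dpc": label & 0x3FFF,
        "opc": (label >> 14) & 0x3FFF,
        "sls": (label >> 28) & 0x0F,
    }

def pc_383(pc):
    """Format a 14-bit ITU point code as 3-8-3 instead of a number."""
    return f"{pc >> 11}-{(pc >> 3) & 0xFF}-{pc & 0x7}"

def build_pcap(msus, start_ts=0):
    """Global header plus one record per MSU; timestamps are synthetic."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_MTP3)
    for i, msu in enumerate(msus):
        # ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", start_ts + i, 0, len(msu), len(msu)) + msu
    return out

if __name__ == "__main__":
    msus = parse_hex_lines(SAMPLE)
    for m in msus:
        rl = itu_routing_label(m)
        print(rl, "DPC 3-8-3:", pc_383(rl["dpc"]))
    with open("constructed_mtp3.pcap", "wb") as fh:
        fh.write(build_pcap(msus))
```
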

Configuring Wireshark for SS7 1/2

Go to Edit -> Preferences -> Protocols

Go to MTP3 and set (should never have to change again):

MTP3 standard = ITU

ITP PC Structure = Unstructured (i.e. print PC as a number, not 3-8-3)

Clear both 5-bit SLS values

Address Format = Decimal

Go to SCCP and set (should never have to change again):

Source PC = 0

Check the Show Length and Reassemble boxes

Go to TCAP and set (for this example specific to most networks)

SCCP SSNs = 6-147, 241

Go to CAMEL and set (for this example specific to most networks)

Date Format DD/MM/YYYY

TCAP SSNs = 146


Configuring Wireshark for SS7 2/2

Go to Edit -> Preferences -> Protocols

Go to GSM_MAP and set (for this example)

TCAP SSNs = 5-11, 147

Put isup in the display filter box and click apply

Put sccp in the display filter box and click apply

Put tcap in the display filter box and click apply

Put camel in the display filter box and click apply

Put gsm_map in the display filter box and click apply

Go to the next example and read it in.

Expand a tree and see what the decode is. Why is it confused?

Go to INAP and set (for this example)

TCAP SSNs = 12,13,106


That's it!
