Wireshark

WireShark Ethereal
Traces
Scope
This document is to help Operations team in
troubleshooting GB or GPRS related issues.
To troubleshoot issues with GB over IP or PCU

pooling, it is not possible to analyze with help of
commands or logs only. Additional information is
needed in form of message flow, and we require
some packet analyzer to study such messages.
WireShark is software that "understands" the

structure of different networking protocols. Thus,
it is able to display the encapsulation and the
fields along with their meanings of different
packets specified by different networking
protocols.
WireShark:
Wire shark is a free and open source packet analyzer. It is used for network troubleshooting,
analysis, software and communication protocol development.
Software:
Wire shark Can be downloaded from: http://www.wireshark.org/download.html
Analyzing of WireShark Documentation available from:
http://openmaniak.com/wireshark.php
Alternatively HELP section will also provide protocol details
(refer to snapshot below)
Important Point:
Multiple Files need to be captured for Better Analysis
• Idle duration is 30 Minutes
• Easy to analyze and share trace file
Steps for Setup:

Go to Capture  Options Select Network Adapter Tick Multiple files and
specify Time duration Browse for location to save Trace files
ESB Mirror Port Method:
This method utilizes “ Port mirroring “ to make direct copy of all the traffic from
one ESB port to another.
Need:: 1.
Local engineer present physically at site.
2. He Should have the Serial and LAN Connection in Laptop.
To configure the ESB card, we need to modify the ESB configuration as

mentioned Below
1. ESB26:
A: Configure the laptop port (unused port) to monitor the active port (connected to
SGSN carrying traffic)

Log into ESB card using a serial connection (SER port):
•Enter password “nokia” and go to privileged mode by typing “ en "
•Go to configure mode by typing “ configure terminal "
•Go to the laptop port configuration (1/1/2) by typing “ interface 1/1/2 "
•Enable the mirroring of active port (1/1/1) using command “ port monitor 1/1/1 "
B. Collecting Wire shark traces from port 1/1/2 (ETH2):
Connect laptop/ windows machine to port-2 of ESB using Ethernet straight cable.
Give any free IP address to laptop in same subnet as BSC
Start monitoring the IP logs at laptop using WireShark.
Sample configuration logs

Example::
ESB 26 CONFIG.TXT
Note:
•Do not forget to revert settings on sniffer port after capturing traces.
•Monitor the port on ESB where Cable coming from SGSN carrying GB traffic is terminated.
•Only use any unused port as SNIFFER port.
2.ESB24:
A. Configure the laptop port (unused port) to monitor the active port ( connected
to SGSN carrying traffic)
Log into ESB card using a serial connection (SER port)

•Enter password “nsn-switch” and go to privileged mode by typing “ en "
•Go to configure mode by typing “configure terminal”
•Go to the bridge mode by typing “bridge”
•Enable the mirror by typing “mirror enable”
•Go to the laptop port configuration (1/1/23) by typing “mirror monitor 1/1/23"
•Add the mirroring of active port (1/1/1) using command “mirror add 1/1/1"
Sample configuration logs

Example::
ESB 24 CONFIG.txt
B. Collecting Wire shark traces from port 1/1/23 (ETH23)
•Connect laptop/ windows machine to port-23 of ESB using Ethernet straight cable.
•Give any free IP address to laptop in same subnet as BSC
•Start monitoring the IP logs at laptop using WireShark.
Note :
Do not forget to revert settings after capturing traces.
•SWITCH(bridge)# mirror disable
•SWITCH(bridge)# no mirror monitor
•SWITCH(bridge)# mirror del 1/1/1
Capture Start
The "Analyze" menu::
Open WireShark  Analyze Decode As
Every field in the packet details pane can be used as a filter string, this will result
in showing only the packets where this field exists. For example: the filter string:
top will show all packets containing the TCP protocol.
English C-like Description and example
eel == Equal
ip.src==10.0.0.5
ne != Not equal
ip.src!=10.0.0.5
get > Greater than

frame.len > 10
let < Less than

frame.len < 128
gee >= Greater than or equal to

frame.len gee 0x100
le <= Less than or equal to

frame.len <= 0x20
Filter Protocol: 1.Network Service Over IP (nsip)
Field name Type Description Versions
nsip.bvci Unsigned 16-bit integer BVCI 1.0.0 to 1.4.0
nsip.cause Unsigned 8-bit integer Cause 1.0.0 to 1.4.0
nsip.control_bits.c Boolean Confirm change flow 1.0.0 to 1.4.0
nsip.control_bits.r Boolean Request change flow 1.0.0 to 1.4.0
nsip.end_flag Boolean End flag 1.0.0 to 1.4.0
nsip.ip4_elements None IP4 elements 1.0.0 to 1.4.0
nsip.ip6_elements None IP6 elements 1.0.0 to 1.4.0
nsip.ip_address IPv4 address IP Address 1.0.0 to 1.4.0
nsip.ip_address_type Unsigned 8-bit integer IP Address Type 1.0.4 to 1.4.0
nsip.ip_element.data_weight Unsigned 8-bit integer Data Weight 1.0.0 to 1.4.0
nsip.ip_element.ip_address IPv4 address IP Address 1.0.0 to 1.4.0

nsip.ip_element.signalling_
Unsigned 8-bit integer Signalling Weight 1.0.0 to 1.4.0
weight
nsip.ip_element.udp_port Unsigned 16-bit integer UDP Port 1.0.0 to 1.4.0
nsip.max_num_ns_vc Unsigned 16-bit integer Maximum number of NS-VCs 1.0.0 to 1.4.0
nsip.ns_vci Unsigned 16-bit integer NS-VCI 1.0.0 to 1.4.0

nsip.nsei Unsigned 16-bit integer NSEI 1.0.0 to 1.4.0
nsip.num_ip4_endpoints Unsigned 16-bit integer Number of IP4 endpoints 1.0.0 to 1.4.0
nsip.num_ip6_endpoints Unsigned 16-bit integer Number of IP6 endpoints 1.0.0 to 1.4.0
nsip.pdu_type Unsigned 8-bit integer PDU type 1.0.0 to 1.4.0
nsip.reset_flag Boolean Reset flag 1.0.0 to 1.4.0
nsip.transaction_id Unsigned 8-bit integer Transaction ID 1.0.0 to 1.4.0
2.Base Station Subsystem GPRS Protocol (bssgp )
Field name Type Description Versions
bssgp.a_bit Boolean A 1.6.0 to 1.6.3
bssgp.appid Unsigned 8-bit integer Application ID 1.0.0 to 1.6.0
B_PFC: Bucket Full Ratio of
bssgp.b_pfc Unsigned 8-bit integer 1.6.0 to 1.6.3
the PFC
Bmax(x 100 or in increments
bssgp.bmax Unsigned 16-bit integer as defined by the Flow 1.6.0 to 1.6.3
Control Granularity IE)
Bmax_PFC(x 100 or in
bssgp.bmax_pfc Unsigned 16-bit integer increments as defined by the 1.6.0 to 1.6.3
Flow Control Granularity IE)
bssgp.bss_ind Unsigned 8-bit integer BSS indicator 1.6.0 to 1.6.3
Ratio of the bucket that is
bssgp.bucket_full_ratio Unsigned 8-bit integer 1.6.0 to 1.6.3
filled up with data
Bmax(x 100 or in increments
bssgp.bucket_size Unsigned 16-bit integer as defined by the Flow 1.6.0 to 1.6.3
Control Granularity IE)
bssgp.bvci Unsigned 16-bit integer BVCI 1.0.0 to 1.6.3
bssgp.cause Unsigned 8-bit integer Cause 1.6.0 to 1.6.3
Current Bucket Level(CBL)
bssgp.cbl Boolean 1.6.0 to 1.6.3
Procedures
bssgp.cell_acc_mode Unsigned 8-bit integer Cell Access Mode 1.6.0 to 1.6.3
bssgp.ci Unsigned 16-bit integer CI 1.0.0 to 1.6.3
bssgp.container_id Unsigned 8-bit integer Container ID 1.6.0 to 1.6.3
bssgp.cr_bit Boolean C/R 1.6.0 to 1.6.3
bssgp.cs_indication Unsigned 8-bit integer CS Indication Contents 1.6.0 to 1.6.3
bssgp.csg_id Unsigned 32-bit integer CSG Identity (CSG-ID) 1.6.0 to 1.6.3
bssgp.delay_val Unsigned 16-bit integer Delay Value (in centi-seconds) 1.6.0 to 1.6.3
bssgp.elem_id Unsigned 8-bit integer Element ID 1.6.0 to 1.6.3
Enhanced Radio Status
bssgp.enhancedradiostatus Boolean 1.6.0 to 1.6.3
Procedures
bssgp.gprs_timer Unsigned 8-bit integer Unit Value 1.6.0 to 1.6.3
bssgp.ie_type Unsigned 8-bit integer IE Type 1.0.0 to 1.6.0
bssgp.iei.nacc_cause Unsigned 8-bit integer NACC Cause 1.0.0 to 1.6.0
bssgp.imei String IMEI 1.0.0 to 1.6.0
bssgp.imeisv String IMEISV 1.0.0 to 1.6.0
bssgp.imsi String IMSI 1.0.0 to 1.6.0
bssgp.inr Boolean Inter-NSE re-routing(INR) 1.6.0 to 1.6.3
bssgp.irat_ho_inf_req Boolean Inter RAT Handover Info 1.6.0 to 1.6.3
bssgp.lac Unsigned 16-bit integer LAC 1.0.0 to 1.6.0
bssgp.lcs Boolean LCS Procedures 1.6.0 to 1.6.3
bssgp.llc_frames_disc Unsigned 8-bit integer Number of frames discarded 1.6.0 to 1.6.3
bssgp.mbms Boolean MBMS Procedures 1.6.0 to 1.6.3

bssgp.mbms_cause Unsigned 8-bit integer Cause 1.6.0 to 1.6.3
bssgp.mbms_data_ch_cause Unsigned 8-bit integer MBMS data channel Cause 1.6.0 to 1.6.3
Number of Routing Area
bssgp.mbms_num_ra_ids Unsigned 8-bit integer 1.6.0 to 1.6.3
Identifications
bssgp.mbms_stop_cause Unsigned 8-bit integer Stop Cause 1.6.0 to 1.6.3
bssgp.mcc Unsigned 8-bit integer MCC 1.0.0 to 1.6.0
bssgp.mnc Unsigned 8-bit integer MNC 1.0.0 to 1.6.0
bssgp.nacc_cause Unsigned 8-bit integer NACC Cause 1.6.0 to 1.6.3
Number of octets transferred
bssgp.no_of_oct Unsigned 24-bit integer 1.6.0 to 1.6.3
or deleted
bssgp.nri Unsigned 16-bit integer NRI 1.0.0 to 1.6.0
bssgp.nsei Unsigned 16-bit integer NSEI 1.0.0 to 1.6.3
bssgp.num_si_psi Unsigned 8-bit integer Number of SI/PSI 1.6.0 to 1.6.3
bssgp.rac Unsigned 8-bit integer RAC 1.0.0 to 1.6.0
Routing Address
bssgp.rad Unsigned 8-bit integer 1.0.0 to 1.6.3
Discriminator
bssgp.ran_inf_pdu_t_ext_c Unsigned 8-bit integer PDU Type Extension 1.6.0 to 1.6.3
bssgp.ran_inf_req_pdu_t_ext_
Unsigned 8-bit integer PDU Type Extension 1.6.0 to 1.6.3
c
bssgp.ran_inf_req_pdu_type_
Unsigned 8-bit integer PDU Type Extension 1.0.0 to 1.6.0
ext
bssgp.ran_req_pdu_type_ext Unsigned 8-bit integer PDU Type Extension 1.0.0 to 1.6.0
bssgp.rat_discriminator Unsigned 8-bit integer RAT discriminator 1.6.0 to 1.6.3
bssgp.rcid Unsigned 64-bit integer Reporting Cell Identity 1.0.0 to 1.6.0
bssgp.rel_int_rat_ho_inf_ind Boolean Inter RAT Handover Info 1.6.0 to 1.6.3
RAN Information
bssgp.rim Boolean Management (RIM) 1.6.0 to 1.6.3
procedures
bssgp.rim_app_id Unsigned 8-bit integer RIM Application Identity 1.6.0 to 1.6.3
bssgp.rim_pdu_ind_ack Boolean ACK 1.6.0 to 1.6.3
bssgp.rnc_id Unsigned 16-bit integer RNC ID 1.6.0 to 1.6.3
bssgp.rrc_si_type Unsigned 8-bit integer RRC SI type 1.0.0 to 1.6.0
bssgp.rrlp_flag1 Boolean Flag 1 1.6.0 to 1.6.3
bssgp.s13_cause Unsigned 8-bit integer SI3 Cause 1.6.0 to 1.6.3
bssgp.tag Unsigned 8-bit integer Tag 1.6.0 to 1.6.3
bssgp.time_to_mbms_data_tr
Unsigned 8-bit integer Time to MBMS Data Transfer 1.6.0 to 1.6.3
an
bssgp.tlli Unsigned 32-bit integer TLLI 1.0.0 to 1.6.0
bssgp.tmsi_ptmsi Unsigned 32-bit integer TMSI/PTMSI 1.0.0 to 1.6.0
bssgp.trace_ref Unsigned 16-bit integer Trace Reference 1.6.0 to 1.6.3
bssgp.transaction_id Unsigned 16-bit integer Transaction Id 1.6.0 to 1.6.3
Target to Source Transparent
bssgp.trg_to_src_transp_cont Byte array 1.6.0 to 1.6.3
Container
bssgp.type Unsigned 8-bit integer Type 1.6.0 to 1.6.3
bssgp.unit_val Unsigned 8-bit integer Unit Value 1.6.0 to 1.6.3
bssgp.utra_si_cause Unsigned 8-bit integer UTRA SI Cause 1.6.0 to 1.6.3
Protocol Value:
nsip.pdu_type
NS-ALIVE 10
NS-ALIVE-ACK 11
SNS-ACK 12
SNS-ADD 13
SNS-CONFIG 15
SNS-CONFIG-ACK 16
SNS-DELETE 17
SNS-SIZE 18
SNS-SIZE-ACK 19
bssgp.pdu_type
BVC-BLOCK 0*20
BVC-BLOCK-ACK 0*21
BVC-RESET 0*22
BVC-RESET-ACK 0*23
FLOW-CONTROL-BVC 0*26
FLOW-CONTROL-BVC-ACK 0*27
FLOW-CONTROL-MS 0*28
FLOW-CONTROL-MS-ACK 0*29
FLUSH-LL 0*2a
FLUSH-LL-ACK 0*2b
Thank you

Wireshark

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Wireshark

Uploaded by

Copyright:

Available Formats

WireShark Ethereal

To troubleshoot issues with GB over IP or PCU

WireShark is software that "understands" the

Steps for Setup:

To configure the ESB card, we need to modify the ESB configuration as

SGSN carrying traffic)

Sample configuration logs

Log into ESB card using a serial connection (SER port)

Sample configuration logs

get > Greater than

let < Less than

gee >= Greater than or equal to

le <= Less than or equal to

nsip.ip_element.data_weight Unsigned 8-bit integer Data Weight 1.0.0 to 1.4.0

nsip.ip_element.ip_address IPv4 address IP Address 1.0.0 to 1.4.0

nsip.max_num_ns_vc Unsigned 16-bit integer Maximum number of NS-VCs 1.0.0 to 1.4.0

nsip.ns_vci Unsigned 16-bit integer NS-VCI 1.0.0 to 1.4.0

bssgp.llc_frames_disc Unsigned 8-bit integer Number of frames discarded 1.6.0 to 1.6.3

bssgp.mbms Boolean MBMS Procedures 1.6.0 to 1.6.3

You might also like