Wireshark mailing list archives
Re: BIP / CAT-TP protocol support
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Sat, 4 May 2013 18:37:01 +0200
2013/5/3 Kunc Ondrej DC <ondrej.KUNC () gemalto com>
Hello Wireshark community!

I need to decode BIP / CAT-TP protocol – and am desperately looking for any kind of either standalone SW or Wireshark plugin to read it – could you please advise if there is such a plugin or any way to decode it? The only reference to bip.dll [but maybe it's just a coincidence of names] I've found is here http://article.gmane.org/gmane.network.wireshark.devel/9668/match=bip but it doesn't help much – I have already written to Jorge but no reply so far.

Thanks a lot for coop / update and have a nice day everyone! :]
Ondrej
Hi Ondrej,

in Wireshark 1.10rc1 you have an ETSI CAT dissector embedded. You can call it by providing directly the proactive command and telling Wireshark how to decode the payload. For example, let's take the following proactive command BER TLV:

    D0 42 81 03 01 40 01 82 02 81 82 35 07 02 03 04 02 09 1F 02 39 02 05 78 47 0A 06 54 65 73 74 47 70 02 72 73 0D 08 F4 55 73 65 72 4C 6F 67 0D 08 F4 55 73 65 72 50 77 64 3C 03 02 AD 9C 3E 05 21 01 01 01 01

You can use text2pcap to build a pcap out of this text dump and select the user specific DLT 147:

    text2pcap -l 147 input.txt output.pcap

Where input.txt is a text file containing the following line (note that I removed the proactive command tag and the length):

    0000 81 03 01 40 01 82 02 81 82 35 07 02 03 04 02 09 1F 02 39 02 05 78 47 0A 06 54 65 73 74 47 70 02 72 73 0D 08 F4 55 73 65 72 4C 6F 67 0D 08 F4 55 73 65 72 50 77 64 3C 03 02 AD 9C 3E 05 21 01 01 01 01

Then open the resulting pcap in Wireshark, select Edit -> Preferences -> Protocols -> DLT_USER. Click on Edit -> New, select DLT User 0 (DLT=147), and in the payload protocol enter etsi_cat and click on OK.

Now Wireshark knows how to dissect the payload and you should get the following output:

    Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
    DLT: 147, Payload: etsi_cat (Card Application Tookit ETSI TS 102.223)
    Card Application Tookit ETSI TS 102.223
        Command details: 014001
            Command Number: 0x01
            Command Type: OPEN CHANNEL (0x40)
        Device identity: 8182
            Source Device ID: SIM / USIM / UICC (0x81)
            Destination Device ID: Terminal (Card Reader) (0x82)
        Bearer description: 02030402091f02
            Bearer Description: GPRS / UTRAN packet service / E-UTRAN (0x02)
            Precedence Class: 3
            Delay Class: 4
            Reliability Class: 2
            Peak Throughput Class: 9
            Mean Throuhgput Class: 31
            Packet Data Protocol Type: IP (Internet Protocol, IETF STD 5) (2)
        Buffer size: 0578
            Buffer Size: 1400
        Network Access Name: 06546573744770027273
            APN: TestGp.rs
        Text string: f4557365724c6f67
            Text String Encoding: GSM default alphabet, 8 bits (0xf4)
            Text String: UserLog
        Text string: f455736572507764
            Text String Encoding: GSM default alphabet, 8 bits (0xf4)
            Text String: UserPwd
        UICC/terminal interface transport level: 02ad9c
            Transport protocol type: TCP, UICC in client mode, remote connection (0x02)
            Transport port: 44444
        Other address (data destination address): 2101010101
            Coding of Type of address: IPv4 address (0x21)
            IPv4 address: 1.1.1.1 (1.1.1.1)

You also have a GSM SIM dissector that can be used to perform the dissection of the APDU and call the ETSI CAT dissector when needed. Simply replace the "etsi_cat" protocol name by "gsm_sim".

The following payload:

    00 12 00 00 44 D0 42 81 03 01 40 01 82 02 81 82 35 07 02 03 04 02 09 1F 02 39 02 05 78 47 0A 06 54 65 73 74 47 70 02 72 73 0D 08 F4 55 73 65 72 4C 6F 67 0D 08 F4 55 73 65 72 50 77 64 3C 03 02 AD 9C 3E 05 21 01 01 01 01 90 00

Will be dissected as:

    Frame 1: 75 bytes on wire (600 bits), 75 bytes captured (600 bits)
    DLT: 147, Payload: gsm_sim (GSM SIM 11.11)
    GSM SIM 11.11
        Class: Unknown (0x00)
        Instruction: FETCH (0x12)
        Length of Expected Response Data: 68
        BER-TLV Tag: Proactive Command (0xd0)
        Card Application Tookit ETSI TS 102.223
            Command details: 014001
                Command Number: 0x01
                Command Type: OPEN CHANNEL (0x40)
            Device identity: 8182
                Source Device ID: SIM / USIM / UICC (0x81)
                Destination Device ID: Terminal (Card Reader) (0x82)
            Bearer description: 02030402091f02
                Bearer Description: GPRS / UTRAN packet service / E-UTRAN (0x02)
                Precedence Class: 3
                Delay Class: 4
                Reliability Class: 2
                Peak Throughput Class: 9
                Mean Throuhgput Class: 31
                Packet Data Protocol Type: IP (Internet Protocol, IETF STD 5) (2)
            Buffer size: 0578
                Buffer Size: 1400
            Network Access Name: 06546573744770027273
                APN: TestGp.rs
            Text string: f4557365724c6f67
                Text String Encoding: GSM default alphabet, 8 bits (0xf4)
                Text String: UserLog
            Text string: f455736572507764
                Text String Encoding: GSM default alphabet, 8 bits (0xf4)
                Text String: UserPwd
            UICC/terminal interface transport level: 02ad9c
                Transport protocol type: TCP, UICC in client mode, remote connection (0x02)
                Transport port: 44444
            Other address (data destination address): 2101010101
                Coding of Type of address: IPv4 address (0x21)
                IPv4 address: 1.1.1.1 (1.1.1.1)
        Status Word: 9000 Normal ending of the command

Then you can easily script the call to text2pcap to automate the pcap creation.

Have fun,
Pascal.
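One way to script the text2pcap step described in the reply above, as an added example that is not part of the original message or of Wireshark: it strips the proactive command tag and length, checks that the TLVs inside are consistent, and writes the offset-prefixed dump. The function names are hypothetical, and it assumes only one-byte and 0x81-prefixed length fields occur.

```python
import shutil
import subprocess
import sys

SAMPLE = ("D0 42 81 03 01 40 01 82 02 81 82 35 07 02 03 04 02 09 1F 02 39 02 05 78 "
          "47 0A 06 54 65 73 74 47 70 02 72 73 0D 08 F4 55 73 65 72 4C 6F 67 "
          "0D 08 F4 55 73 65 72 50 77 64 3C 03 02 AD 9C 3E 05 21 01 01 01 01")  # from the message

def read_len(buf, pos):
    """Return (length, next_pos). Assumption: only 1-byte and 0x81 forms occur."""
    if pos < len(buf) and buf[pos] < 0x80:
        return buf[pos], pos + 1
    if pos + 1 < len(buf) and buf[pos] == 0x81:
        return buf[pos + 1], pos + 2
    raise ValueError(f"bad or unsupported length field at offset {pos}")

def strip_proactive_header(hex_text):
    """Drop the 0xD0 tag and its length, leaving the payload for etsi_cat."""
    buf = bytes.fromhex(hex_text)
    if not buf or buf[0] != 0xD0:
        raise ValueError("expected proactive command tag 0xD0")
    length, pos = read_len(buf, 1)
    if len(buf) - pos != length:
        raise ValueError(f"declared {length} bytes, found {len(buf) - pos}")
    return buf[pos:]

def tlv_tags(body):
    """Walk the COMPREHENSION-TLVs; return tag values with the CR bit masked."""
    tags, pos = [], 0
    while pos < len(body):
        length, start = read_len(body, pos + 1)
        if start + length > len(body):
            raise ValueError(f"TLV at offset {pos} overruns the command")
        tags.append(body[pos] & 0x7F)
        pos = start + length
    return tags

def text2pcap_dump(body):
    """Offset-prefixed hex lines, 16 bytes each, the layout text2pcap reads."""
    return "".join(f"{off:04x} {body[off:off + 16].hex(' ')}\n"
                   for off in range(0, len(body), 16))

if __name__ == "__main__":
    body = strip_proactive_header(sys.argv[1] if len(sys.argv) > 1 else SAMPLE)
    tlv_tags(body)  # reject a truncated command before building the capture
    with open("input.txt", "w") as fh:
        fh.write(text2pcap_dump(body))
    if shutil.which("text2pcap"):  # same invocation as in the message
        subprocess.run(["text2pcap", "-l", "147", "input.txt", "output.pcap"], check=True)
```

For the gsm_sim variant, the full APDU (FETCH header, proactive command and status word) is dumped unchanged, so only `text2pcap_dump` is needed.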