Wireshark mailing list archives

Re: Help decoding GSM SMS (no crypt)

From: Pascal Quantin <pascal.quantin () gmail com>
Date: Sun, 8 May 2016 23:38:28 +0200

[Back to mailing list]

Le 8 mai 2016 23:22, "reginaldo salles" <reginaldosalles1972 () gmail com> a
écrit :


It has been ages since I last looked at GSM logs, but as far as I can

tell this capture does not contain any audio samples but only control plane
messages.


Hi Pascal, thanks to your help. This capture contains a call that i made

inbound my test BTS. I activate the GSMTAP interface at loopback and direct
capture all traffic using tshark.

The command that i used is: tshark -i lo -f "port 4729" -w /call.cap


I'm still surprised by the LAPDm captures as it looks like not all packets
are present (it does not follow what I can remember from 3GPP 24.006).


By the way you have not answered my previous questions regarding the way

those captures are done and whether some LAPDm packets were filtered or not.


I dont have any filter or firewall activates and i can direct capture any

packet in my test environment, so i can help you if you need any
information.


Im trying to figure out a way to capture the CALL (audio) between phones

in my test environment. I dont activate any encryption and my bts is based
in YateBTS.

Looks like your equipment does not allow capturing HR/FR/AMR packets. I'm
not a YateBTS user so I cannot tell you more. Better ask to the guys
responsible for this project instead.


Your patch works fine and i due to your patch i can read the SMS in plain

text. Anyway, if i activate the tshark like above, i can get the sms
correctly (withou need your patch). But if i activate the tshark using:
tshark -i lo -w /call.cap i cant see the SMS, just a error related to
missing PDU or missing packet.

My patch is required if:
- you capture ICMP error packets (with you can filter with a capture
filter),  or
- you have LAPDm retransmissions (that you cannot filter so it's simply a
question of luck)
Still my patch does not work as good as it could due to the inconsistent
N(S) increment seen in the capture.



Regards,
Pascal.



One more time thanks to all. if you can, send me details about GSM call

and how i can capture it correctly and play the captured audio.



PS: the SIB13 malformed packet error seen is fixed in

https://code.wireshark.org/review/#/c/15290

___________________________________________________________________________

Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org

?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Help decoding GSM SMS (no crypt) reginaldo salles (May 06)
- Re: Help decoding GSM SMS (no crypt) Pascal Quantin (May 07)
  - Re: Help decoding GSM SMS (no crypt) Pascal Quantin (May 07)
    - Re: Help decoding GSM SMS (no crypt) reginaldo salles (May 07)
    - Re: Help decoding GSM SMS (no crypt) Guy Harris (May 07)
    - Re: Help decoding GSM SMS (no crypt) reginaldo salles (May 07)
    - Re: Help decoding GSM SMS (no crypt) Pascal Quantin (May 08)
    - Message not available
    - Re: Help decoding GSM SMS (no crypt) Pascal Quantin (May 08)
  - Re: Help decoding GSM SMS (no crypt) reginaldo salles (May 07)
- <Possible follow-ups>
- Help decoding GSM SMS (no crypt) reginaldo salles (May 06)