Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Wireshark For Lte

    Enviado por

    Anonymous X6iPKl
    150 visualizações3 páginas
    WIRESHARK FOR LTE

    Título original

    WIRESHARK FOR LTE

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    WIRESHARK FOR LTE

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    150 visualizações3 páginas

    Wireshark For Lte

    Enviado por

    Anonymous X6iPKl
    WIRESHARK FOR LTE

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 3

    Wireshark Filter for Lte.

    txt

    To Find out single end to end LTE call Flow from multiple
    wireshark Capture trace,Please follow the below sequential
    steps:Only input we required to make the fillter is IMSI
    404909060013311.NAS and S1-AP message in between UE-MME,
    eND-MME (NAS,
    S1-AP)-----------------------------------------------------
    ----------nas_eps.emm.imsi == "404909060013311" //with this
    filter, we are able to extract InitialUEMessage,
    AttachRequest, PDNConnectivity Request.From above output
    try to get s1ap.ENB_UE_S1AP_ID == 607 // which gives you
    allthe meesages on S1-AP, NAS-EPS
    message.s1ap.ENB_UE_S1AP_ID == 607Diameter Message in
    between MME to HSS (S6a and
    S13)--------------------------------------------We can
    easily put fillter as usernamediameter.User-Name ==
    "404909060013311" // Result of this Filter gives us the
    output as AIR, ME-Identity Check and ULR from MME to
    HSS.Now our aim should be find the response for each
    corresponding Request.diameter.hopbyhopid == 0x57539708 //
    look for the fillter as Hop by Hopidentifier on AIR
    messagediameter.User-Name ==
    "404909060013311"||diameter.hopbyhopid ==0x57539708 // Now
    we are able to get AIR, ME-Identity Check, ULR and AIAnext
    Pending Message id ME-Identity Check Response
    diameter.hopbyhopid == 0x219bbd08only pending message is
    ULA, for that we need to extract the fillter from
    Hop-by-Hop of ULR message (diameter.hopbyhopid ==
    0x78267708).diameter.User-Name ==
    "404909060013311"||diameter.hopbyhopid
    ==0x57539708||diameter.hopbyhopid ==
    0x219bbd08||diameter.hopbyhopid == 0x78267708//Gives us all
    the message in s6a interfacesorWe can easily put fillter as
    usernamediameter.User-Name == "404909060013311" // Result
    of this Filter gives us the output as AIR, ME-Identity
    Check and ULR from MME to HSS.diameter.Session-Id ==
    "mme01.e2elte.ril.in;44527db4;772a0b5f;041cda8a"for AIR and
    AIAdiameter.Session-Id ==
    "mme01.e2elte.ril.in;44527db4;772a0b5f;39b9f14a"for ULR and
    ULAdiameter.Session-Id ==
    "mscp01.pgw2.e2elte.ril.in;1695a065;4de4beb8;40409000000001
    Pge p
    Wireshark Filter for Lte.txt
    0-00a00100" all the message in between in PGW and PCR

    Diameter Message in between PCRF and


    P-CSCF-------------------------------------------(diameter.
    Session-Id == "Video_Streaming2") ||
    (diameter.Framed-IP-Address.IPv4== 10.21.1.1) //message in
    between Rx Interface !!GTPv2 messages in between MME to SGW
    (S11), SGW to PGW
    (S5/S8)----------------------------------------------------
    -----------Steps to filter out the CSR, CSResp, from MME to
    SGW, SGW to PGWFirst figure out gtpv2.imsi ==
    "404909060013311" // result give us CSR from MME to SGW,
    SGW to PGW.Then Extract EPS Bearer ID which is unique among
    this gtpv2.ebi == 5, which gives us all the message on
    GTPv2 header from MME to SGW, SGW to PGW.Now update fillter
    isgtpv2.imsi == "404909060013311" ||gtpv2.ebi == 5 // for
    all themessages in between , MME, SGW, and PGW on GTPv2
    Interfaces.Diameter message in between PGW to PCRF
    (Gx).----------------------------------------------diameter
    .Subscription-Id-Data == "404909060013311" this filter
    result give you the CCR message, but not the CCResponse for
    this.But with help of this filter we can figure out
    diameter.hopbyhopid , asa result we can able to find out
    the CCResp messagediameter.hopbyhopid == 0x03d86c6aNow
    updated filter for Diameter message in between PGW to PCRF
    is as belows:diameter.Subscription-Id-Data ==
    "404909060013311"||diameter.hopbyhopid== 0x03d86c6aNow
    below filter gives us the result for Both GTPv2 messages in
    betweenMME to SGW, SGW to PGW and Diameter message in
    between PGW to PCRF (S11, S5/S8,Gx)gtpv2.imsi ==
    "404909060013311"||gtpv2.ebi ==
    5||diameter.Subscription-Id-Data ==
    "404909060013311"||diameter.hopbyhopid == 0x03d86c6aSGsAP
    Message in between MME to MSC
    (SGs)--------------------------------------gsm_a.imsi ==
    "404909060013311"So final filter is as
    below((s1ap||x2ap||sgsap||gtpv2||sip||diameter)&&!(diameter
    .cmd.code == 280)) // forFilltering out all the message who
    belongs to only LTE based massages (S1-AP, NAS-EPS,
    GTPv2,Diameter and SGS Interface

    nas_eps.emm.imsi == "404909060013311"||s1ap.ENB_UE_S1AP_ID
    Pge p
    Wireshark Filter for Lte.txt
    == 607||gsm_a.imsi =="404909060013311"||diameter.User-Name
    == "404909060013311"||diameter.hopbyhopid==
    0x57539708||diameter.hopbyhopid ==
    0x219bbd08||diameter.hopbyhopid == 0x78267708||gtpv2.imsi
    == "404909060013311" ||gtpv2.ebi ==
    5||diameter.Subscription-Id-Data ==
    "404909060013311"||diameter.hopbyhopid ==
    0x03d86c6as1ap.ENB_UE_S1AP_ID == 607||diameter.hopbyhopid
    == 0x57539708||diameter.hopbyhopid ==
    0x219bbd08||diameter.hopbyhopid == 0x78267708||gsm_a.imsi
    == "404909060013311"

    Pge p

    Você também pode gostar