Wireshark UI Navigation.
Interfaces for Captures :-
Packet captures can be collected at various points in the network via taps. Some commonly used interfaces are
-> S1-C
-> S11
-> S5-C
-> Gx, Rx
-> SGi
-> S6a
Most of these boxes are based on Linux, so you can easily run the tcpdump command, provided you know which interface carries the messages.
You can filter by various aspects - Most commonly used for LTE debugging are -
a. IP addresses - ip.src == IPV4 / ipv6.src == IPV6_address (ex - 2001:0000:4136:e378:)
i. ip.src ==
ii. ip.dst ==
iii. ip.addr ==
b. Protocol - sctp or udp or gtpv2 or s1ap or diameter.
c. You can even filter by procedure codes with a protocol.
i. Example - gtpv2.message_type == 176 ---> will only show you DL notification messages.
4. You can save a filter by clicking on the + sign and giving it a name. Next time you load the pcap you can apply the filter directly.
5. diameter.cmd.code == 318 - this filter will show you all the Authentication messages on the S6a interface.
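
What the two numeric filters above match on, as an added example that is not from the original post: Python code that reads the message type from a GTPv2-C header and the command code from a Diameter header. The sample bytes are constructed and the function names are made up for this illustration.

```python
import struct

# Constructed sample messages (headers only, no IEs/AVPs), built for this example.
# GTPv2-C: flags 0x48 (version 2, TEID present), type 176, length 8, TEID, sequence.
SAMPLE_GTPV2 = bytes.fromhex("48b00008" "00000001" "00002a00")
# Diameter: version 1, length 20, flags 0xC0 (request, proxiable), code 318,
# application id 16777251 (S6a), hop-by-hop id, end-to-end id.
SAMPLE_DIAMETER = bytes.fromhex("01000014" "c000013e" "01000023" "00000001" "00000001")


def gtpv2_message_type(payload: bytes) -> int:
    """Return the field that gtpv2.message_type filters on (hypothetical helper)."""
    if len(payload) < 8:
        raise ValueError("truncated GTPv2-C header")
    flags, msg_type, length = struct.unpack("!BBH", payload[:4])
    if flags >> 5 != 2:                      # top three bits carry the GTP version
        raise ValueError("not GTP version 2")
    if len(payload) < 4 + length:            # length excludes the first 4 octets
        raise ValueError("payload shorter than GTPv2-C length field")
    return msg_type


def diameter_cmd_code(payload: bytes) -> tuple:
    """Return (command code, is_request); the code is what diameter.cmd.code filters on."""
    if len(payload) < 20:
        raise ValueError("truncated Diameter header")
    version = payload[0]
    msg_len = int.from_bytes(payload[1:4], "big")   # 24-bit total message length
    flags = payload[4]
    code = int.from_bytes(payload[5:8], "big")      # 24-bit command code
    if version != 1 or msg_len < 20 or msg_len > len(payload):
        raise ValueError("not a well-formed Diameter message")
    return code, bool(flags & 0x80)                 # R bit set means request


if __name__ == "__main__":
    print("GTPv2-C message type:", gtpv2_message_type(SAMPLE_GTPV2))
    print("Diameter (code, request):", diameter_cmd_code(SAMPLE_DIAMETER))
```

Because requests and answers share the same command code, diameter.cmd.code == 318 returns both directions of the exchange; the R bit in the flags octet is what tells them apart.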