The primary use of Wireshark is to visualize packets from traditional IP traffic, which is why the default Wireshark settings provide a relatively good overview of IP packets for most use cases.

The problem is that this configuration is not at all suited to the specific needs of Telecom traffic analysis, and does not give you a quick overview when you are working on an SS7 pcap. On SS7 traffic viewed with the default Wireshark settings:

- You cannot see the interesting addresses in the packet list view, due to the different addressing in SS7 and the multiple layers involved.
- You see only one color for all the different SS7 traffic types, because Wireshark pre-configures coloring only for standard protocols.

Why SS7 traffic is more complex to analyze

First, SS7 addressing is more complex than IP. Instead of only IP + port tuples to represent the endpoints of an IP communication, in SS7 you use Global Titles (GT), Point Codes (PC or SPC) and Sub-System Numbers (SSN), which can be used as follows:

- Global Title + Sub-System Number (GT + SSN).
- Point Code + Sub-System Number (PC + SSN).

Secondly, there are many more network layers involved in Telecom traffic than in the usual IP-only traffic. On typical SS7 traffic you face, in order:

- Stream Control Transmission Protocol (SCTP).
- MTP Level 3 (MTP3) User Adaptation Layer (M3UA).
- Signalling Connection Control Part (SCCP).
- Transaction Capabilities Application Part (TCAP).

Each of these layers contains more parameters than IP does. Besides, many small packet flags are critically important, such as the M3UA Network Indicator (coded on 1 byte, it represents the type of SS7 link: Internal, National or International).

Customize your Wireshark

Customize Wireshark columns

You can customize the display columns of Wireshark to show GT and SSN in the packet list view, and do this in a separate profile to have different views on your packets depending on your activity.

How to configure column display (Wireshark >= 1.8.0)

- Create a new profile: go to “Edit > Configuration Profiles”, click on “Add” and call it “SS7”.
- Add a column: right click on the packet list view column titles and go to “Column Preferences”.
- In this window, click on “Add” to add a column, and set its name by clicking on it in the columns list.
- Set the field type in the “Field Type” of your new column: select “Custom”.
- Now you can enter your Wireshark expression in “Field Name”, for example or.
- Click on “Apply”: you will have your new column in your Wireshark packet list view.

NOTE: This can be generalized to any Wireshark expression, so you can display any data you want from the pcap in the columns view.

Exporting / Importing columns setting

The following file stores the configuration for your Wireshark profile:

/home/user/.wireshark/profiles/SS7/preferences

# Each pair of strings consists of a column title and its format.
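To check which columns a profile will bring along before you export or import it, the column setting can be read straight out of the profile's preferences file. The script below is an added example, not part of the original article: the sample file body is constructed, the key name (`gui.column.format`, or `column.format` in older releases) and the two SCCP field names are assumptions, and `column_pairs` and `custom_fields` are hypothetical helper names.

```python
import re

# Constructed sample of a profile "preferences" file, not taken from the page.
# Assumptions: the key name (gui.column.format, or column.format in older
# releases) and the SCCP field names used in the two custom columns.
SAMPLE = '''\
# Each pair of strings consists of a column title and its format.
gui.column.format:
    "No.", "%m",
    "Time", "%t",
    "Calling GT", "%Cus:sccp.calling.digits:0:R",
    "Called GT", "%Cus:sccp.called.digits:0:R",
    "Info", "%i"
gui.window.width: 1200
'''

KEY = re.compile(r'^(?:gui\.)?column\.format:(.*)$')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

def column_pairs(text):
    """Return [(title, format), ...] read from a preferences file body."""
    chunks, collecting = [], False
    for line in text.splitlines():
        found = KEY.match(line)
        if found:
            chunks, collecting = [found.group(1)], True
        elif collecting and line[:1] in (" ", "\t"):
            chunks.append(line)          # indented lines continue the value
        else:
            collecting = False
    strings = QUOTED.findall(" ".join(chunks))
    if len(strings) % 2:
        raise ValueError("column title without a format string")
    return list(zip(strings[0::2], strings[1::2]))

def custom_fields(pairs):
    """Map column title -> field expression for Custom (%Cus) columns."""
    return {title: fmt.split(":")[1]
            for title, fmt in pairs if fmt.startswith("%Cus:")}

if __name__ == "__main__":
    for title, fmt in column_pairs(SAMPLE):
        print(f"{title:12} {fmt}")
```

Running it against the preferences file of the source profile and of the target profile shows which Custom columns would be added or overwritten by copying the setting across.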