On Sep 11, 2008, at 8:19 AM, Isaac Gerg wrote:
> I have seen through various places on the net that one can decode GSM
> data using wireshark. How does this work?
That depends on what you mean by "GSM data".
At least according to the diagram in
http://wiki.wireshark.org/GsmProtocolFamily
there are a lot of interfaces in GSM, and a lot of protocols running
over those interfaces.
Wireshark understands many of those protocols; as far as I know, it
does not understand all of them. (So, for example, don't infer, from
the existence of some GSM A-interface dissectors in Wireshark, that
it's capable of handling R-interface packets.)
> I have seen one case in which the GNU Radio software feeds wireshark
> the data directly. However, the source of this information seems to be
> more than a year old.
Presumably that's GSSM:
http://thre.at/gsm/
It involves
1) a somewhat "hacky" (to quote that page) mechanism by which the GNU
Radio and GSSM software stuffs packets down a Linux tunnel interface;
2) a patch to Wireshark to detect those packets and decode them as
the appropriate protocol.
That presumably handles the R interface (handset-to-base-station) and
at least some of the protocols running atop that interface.
Standard Wireshark handles the A interface
(base-station-to-core-network, at least as I read the diagram); I
assume that's transported atop various wired networks also supported
by Wireshark.
> Is it possible to just capture the bits to a text file (stored as just
> '1' and '0') and then feed it into wireshark and have it decode it?
Not without teaching Wireshark how to read the text file - and you'd
probably be better off capturing the bits to a binary file, storing
1's as 1's and 0's as 0's, and having Wireshark read *those* files
(decoding text files is a pain).
In any case, you'd only be able to do that if all the protocols in the
capture are protocols Wireshark understands. What interface is this
traffic going over, and what protocols are being used?
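
The binary-file route suggested in the reply above, as an added example that is not part of the original message: it packs a '1'/'0' text dump into bytes and wraps each line as one packet in a classic pcap file with the private-use link type LINKTYPE_USER0 (147). The one-frame-per-line layout, MSB-first bit order, zero padding of a partial last byte and the synthetic timestamps are assumptions of this sketch.

```python
import struct

# Private-use link type from the pcap link-type registry (USER0..USER15 = 147..162).
LINKTYPE_USER0 = 147


def bits_to_bytes(bit_text):
    """Pack a string of '0'/'1' characters into bytes, MSB first (assumed order)."""
    bits = "".join(bit_text.split())  # tolerate spaces between groups of bits
    if not bits:
        raise ValueError("empty frame")
    if set(bits) - {"0", "1"}:
        raise ValueError("input must contain only '0', '1' and whitespace")
    bits += "0" * (-len(bits) % 8)  # zero-pad a partial final byte (assumption)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def build_pcap(frames, linktype=LINKTYPE_USER0, snaplen=65535):
    """Return the bytes of a little-endian classic pcap file holding the frames."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)]
    for seq, frame in enumerate(frames):
        # A bit dump carries no timing, so use constructed timestamps: 1 s apart.
        out.append(struct.pack("<IIII", seq, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def text_dump_to_pcap(text):
    """Treat every non-blank line of the text dump as one captured frame."""
    frames = [bits_to_bytes(line) for line in text.splitlines() if line.strip()]
    return build_pcap(frames)


# Constructed sample dump (arbitrary bits, not real GSM traffic).
SAMPLE_DUMP = """\
0000000100000110
00000011 00000011 00000001 001
"""

if __name__ == "__main__":
    with open("bits.pcap", "wb") as f:
        f.write(text_dump_to_pcap(SAMPLE_DUMP))
```

Wireshark will open the resulting file, but as the reply says, it can only decode the payload if it has a dissector for the protocol carried in it; the user link type has to be mapped to that dissector in Wireshark's DLT_USER preferences.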