
How to dissect GSM 2G hex stream into wireshark

asked 2020-07-22 15:57:38 +0000

prokino

updated 2020-07-23 08:20:01 +0000

I have GSM "SYSTEM INFORMATION TYPE 3" message in hex:

0x061b45d812f6070092c9060a27e500fd00008f00402b

I transform this hex string into:

0000  30 36 31 62 34 35 64 38 31 32 66 36 30 37 30 30   061b45d812f60700
0010  39 32 63 39 30 36 30 61 32 37 65 35 30 30 66 64   92c9060a27e500fd
0020  30 30 30 30 38 66 30 30 34 30 32 62 0d 0a 0d 0a   00008f00402b....

Then I make a .pcap file and put it into WireShark. But WireShark doesn't show me SYSTEM INFORMATION TYPE 3 message content. What is wrong??


Comments

What format is the data in the hex string?
CyberChef has tools for converting to/from hex for testing.

Hex string for "SYSTEM INFORMATION TYPE 3" is:

53 59 53 54 45 4d 20 49 4e 46 4f 52 4d 41 54 49 4f 4e 20 54 59 50 45 20 33
Chuckc ( 2020-07-22 16:25:14 +0000 )

If this is GSM data you might change the question title to include that.

Chuckc ( 2020-07-22 16:57:36 +0000 )

1 Answer


answered 2020-07-23 13:58:05 +0000

Jaap

What is wrong is that you throw a bunch of numbers into Wireshark and expect it to somehow magically know this is "SYSTEM INFORMATION TYPE 3" and dissect it. What normally happens is that packets of a GSM network are captured, e.g., on an Ethernet network, and stored in a packet capture file with the type of network it was carried on. Then, based on this information, the packets get dissected piece by piece. If well formed, the packet dissection eventually will dissect this data as "SYSTEM INFORMATION TYPE 3".

Now, is there a shortcut to this? Maybe. You would have to find out in what dissector this data can be dissected into this information, then construct a PDU to feed to this dissector and use the import hex dump feature with the Wireshark Upper PDU export encapsulation. For this you probably need to know your way around the GSM protocols.

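The shortcut described in the answer can be scripted. The following is an added example, not part of the original question or answer: it converts the hex string from the question into raw octets (the dump in the question holds the ASCII codes of the hex digits instead) and wraps them in a pcap file with the Wireshark Upper PDU encapsulation. The dissector name `gsm_a_dtap`, the output file name `si3.pcap` and all function names are assumptions; replace the dissector name with whichever dissector fits your data.

```python
import struct

LINKTYPE_WIRESHARK_UPPER_PDU = 252  # pcap link type: Wireshark Upper PDU export
EXP_PDU_TAG_END_OF_OPT = 0          # terminates the tag list
EXP_PDU_TAG_DISSECTOR_NAME = 12     # tag whose value names the dissector to call

SI3_HEX = "0x061b45d812f6070092c9060a27e500fd00008f00402b"  # from the question
DISSECTOR = "gsm_a_dtap"            # assumption: adjust to the dissector you need


def hex_to_bytes(text):
    """Return the raw octets of '0x061b...', not the ASCII codes of its digits."""
    text = text.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    return bytes.fromhex(text)      # raises ValueError on odd length or non-hex


def upper_pdu_frame(payload, dissector):
    """Prefix the payload with the exported-PDU tags that select a dissector."""
    name = dissector.encode("ascii")
    name += b"\x00" * (-len(name) % 4)   # NUL-pad the value to a 4-byte boundary
    tags = struct.pack("!HH", EXP_PDU_TAG_DISSECTOR_NAME, len(name)) + name
    tags += struct.pack("!HH", EXP_PDU_TAG_END_OF_OPT, 0)
    return tags + payload


def build_pcap(frames, linktype=LINKTYPE_WIRESHARK_UPPER_PDU):
    """Serialize frames into a classic little-endian pcap byte string."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for ts, frame in enumerate(frames):
        # Record header: ts_sec, ts_usec, captured length, original length.
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    payload = hex_to_bytes(SI3_HEX)
    with open("si3.pcap", "wb") as fh:
        fh.write(build_pcap([upper_pdu_frame(payload, DISSECTOR)]))
    print("wrote si3.pcap with", len(payload), "payload octets")
```

Open the resulting file in Wireshark; the "Exported PDU" layer hands the payload to the named dissector.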


Stats

Asked: 2020-07-22 15:57:38 +0000

Seen: 592 times

Last updated: Jul 23 '20