Get service response time on TCAP or GSM_MAP

asked 2024-06-26 11:56:52 +0000

ha gravatar image

I'm trying to get service response time from TCAP or GSM_MAP messages, similar to what is build in for DIAMETER.

I'm thinking of using MATE, e.g.

Pdu ss7_pdu Proto tcap Transport ip {
    Extract tid From tcap.tid;
    Extract tcap_begin From tcap.begin_element;
    Extract tcap_end From tcap.end_element;
};

Gop ss7_req On ss7_pdu Match (tid) {
    Start (tcap_begin);
    Stop (tcap_end);
};

Done;

To match messages, but unsure how to proceed and if it possible at all?

edit retag flag offensive close merge delete

Comments

Can you provide a sample capture (on a public file share) and update the question with a link to it.
A public sample like on the Wireshark wiki or one attached to a Gitlab issue (closed or open) would work also.

Being able to look at the same results as the MATE config evolves is very helpful.

Chuckc gravatar imageChuckc ( 2024-06-26 12:39:10 +0000 )edit

Maybe capture attached to 19409: Follow TCAP stream (Camel inside) will work?
(See notes in comments on how to set DLT table and heuristics for SCCP)

Chuckc gravatar imageChuckc ( 2024-06-26 13:24:22 +0000 )edit

Using the capture VS10.101715360038.pcap attached to issue #19409:
Add a column for mate.ss7_req.Time (named "ss7_req hold time") and mate.ss7_pdu.tid (named "tid").
Display filter of mate.ss7_req.Time.
Sort on tid column.

Chuckc gravatar imageChuckc ( 2024-06-26 13:47:24 +0000 )edit

Side project from looking at the MATE results
19897: Specify sort column in display filter

Chuckc gravatar imageChuckc ( 2024-06-26 17:00:25 +0000 )edit
add a comment