
Capturing RRC messages using wireshark

+2 votes
3,762 views

I want to capture LTE protocol stack messages for RLC, PDCP, MAC, and RRC PDUs. Can anyone help in integrating this feature with Wireshark?

Analysis
1> After getting a UDP packet from the stack I decoded it as LTE-RRC directly, but it is showing wrong because the headers of all the other layers are not extracted ...

posted Oct 11, 2013 by anonymous

RRC is already supported in Wireshark. Since your requirement is to skip the lower layer headers, i.e. PDCP/RLC/MAC, you may need to change the rrc_dissector function (the name may be different) and recompile Wireshark.
As we don't have RF, we are just sending packets through UDP from MAC/PHY ...

So I am clicking that packet and applying "Decode As", and then the only option it has is lte-rrc, though MAC-LTE, RLC-LTE, and PDCP-LTE are present in Wireshark's preference settings.

When I directly decode that packet as lte-rrc it shows wrong too; maybe the reason is that it is a MAC/PHY packet and I am decoding it as RRC without removing the MAC, RLC, and PDCP headers.

I also tried another way: I encoded an RRC message, got that buffer, wrote a UDP server-client program (NOTE: it is not going through any other layer here), sent that packet directly, and decoded it as lte-rrc. It is still decoding directly as the DL_CCCH channel; I am thinking it may be unable to determine which logical channel it has to decode with....

Can you tell me where I am wrong ...

1 Answer

+1 vote

You can try to write a private dissector. http://anonsvn.wireshark.org/wireshark/trunk/doc/README.developer is apparently the "best manual" for dissector development. Take a look, and decide for yourself.

Skip the lower layer headers and then proceed with RRC Processing.

answer Oct 13, 2013 by Salil Agrawal
How can I skip the lower layers in the case of Wireshark? The packet (UDP) will contain all the lower layer headers; unless I remove the other lower layer headers, it cannot be decoded as RRC.

To decode as RRC I have to remove all the lower layer (MAC, RLC, PDCP) headers. So how can I remove those headers and give the RRC PDU for decoding?

Thanks
That's the whole point: you need to skip the lower layer headers and then proceed. Unfortunately there is no other way to achieve this.
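What "skip the lower layer headers" involves, as an added example that is not code from this thread or from Wireshark: it walks the MAC subheaders, strips the RLC and PDCP headers from signalling SDUs, and reports which RRC message type the logical channel implies. Assumptions: the UDP payload is a bare MAC PDU as laid out in 3GPP TS 36.321, each SRB1/SRB2 SDU is one complete, unciphered RLC AM PDU with a 5-bit PDCP SN and 4-byte MAC-I, and the function names and sample bytes are constructed for illustration.

```python
# Added example (not from the thread). Assumes the UDP payload is a bare LTE MAC PDU.
PADDING = 0x1F  # LCID 11111

def mac_sdus(pdu):
    """Split a MAC PDU (R/R/E/LCID[/F/L] subheaders) into (lcid, sdu) pairs."""
    heads, off, more = [], 0, True
    try:
        while more:
            lcid, more = pdu[off] & 0x1F, bool(pdu[off] & 0x20)
            off += 1
            length = None                      # None: SDU runs to the end of the PDU
            if lcid == PADDING:
                length = 0 if more else None
            elif lcid > 10:
                raise ValueError("MAC control element (LCID %d) not handled" % lcid)
            elif more:                         # not the last subheader: F/L follows
                if pdu[off] & 0x80:            # F=1: 15-bit length
                    length = ((pdu[off] & 0x7F) << 8) | pdu[off + 1]
                    off += 2
                else:                          # F=0: 7-bit length
                    length = pdu[off] & 0x7F
                    off += 1
            heads.append((lcid, length))
    except IndexError:
        raise ValueError("truncated MAC header")
    out = []
    for lcid, length in heads:
        end = len(pdu) if length is None else off + length
        if end > len(pdu):
            raise ValueError("SDU overruns MAC PDU")
        if lcid != PADDING:
            out.append((lcid, pdu[off:end]))
        off = end
    return out

def rrc_from_mac(pdu, downlink):
    """Return [(rrc_pdu_type, rrc_bytes)] for the signalling SDUs in one MAC PDU."""
    prefix, out = ("DL" if downlink else "UL"), []
    for lcid, sdu in mac_sdus(pdu):
        if lcid == 0:                          # SRB0: RLC TM, no PDCP header
            out.append((prefix + "-CCCH-Message", sdu))
        elif lcid in (1, 2) and sdu and sdu[0] & 0x80:   # SRB1/2, RLC AM data PDU
            if sdu[0] & 0x5C or len(sdu) < 7:  # RF, FI or E set: needs reassembly
                raise ValueError("segmented or short RLC PDU")
            out.append((prefix + "-DCCH-Message", sdu[3:-4]))  # drop RLC(2)+PDCP(1), MAC-I(4)
    return out

# Constructed sample: LCID 1 subheader (L=10), padding subheader, one SRB1 SDU, 2 padding bytes.
SAMPLE = bytes([0x21, 0x0A, 0x1F, 0x80, 0x00, 0x00, 0x22, 0x10, 0x00, 0, 0, 0, 0, 0, 0])
```

The returned type name is the missing piece when a bare RRC buffer is decoded: the RRC bytes alone do not say whether they are a CCCH or DCCH message, so the channel has to come from the LCID and direction.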
Similar Questions
+2 votes

I am snipping RRC messages to a loopback address after encoding, and I captured them using tcpdump. Now I want to see all the RRC messages using Wireshark, but Wireshark is interpreting all RRC messages as DL_CCCH messages. How do I make Wireshark select the appropriate RRC dissector?

+1 vote

There is a use case in which two machines are located in the same network or in different networks, but both are reachable from each other.
Can packets captured remotely on one machine be seen in Wireshark running on another machine in real time?

...