
Customize your Wireshark
Customize Wireshark columns
Primary usage of Wireshark is to visualize packets coming from traditional IP traffic, which is why the default Wireshark settings provide a relatively good overview of IP packets for most use cases. The problem is that this configuration is not at all suited to the specific needs of Telecom traffic analysis, and does not give you a quick overview when you are working on an SS7 pcap.

Here is an example of SS7 traffic using default Wireshark settings:

- You cannot see the interesting addresses in the packet list view, due to the different addressing in SS7 and the multiple layers involved.
- You see only one color for all the different SS7 traffic types, because Wireshark pre-configures coloring only for standard protocols.

Why SS7 traffic is more complex to analyze

First, SS7 addressing is more complex than IP. Instead of only IP + port tuples to represent the endpoints of an IP communication, in SS7 you use Global Titles (GT), Point Codes (PC or SPC) and Sub-System Numbers (SSN), which can be used as follows:

- Global Title + Sub-System Number (GT + SSN)
- Point Code + Sub-System Number (PC + SSN)

Secondly, there are many more network layers involved in Telecom traffic than in usual IP-only traffic. On typical SS7 traffic you face, in order:

- Stream Control Transmission Protocol (SCTP)
- MTP Level 3 (MTP3) User Adaptation Layer (M3UA)
- Signalling Connection Control Part (SCCP)
- Transaction Capabilities Application Part (TCAP)

Each of these layers contains more parameters compared to IP.

Besides, many small packet flags are critically important, such as the M3UA Network Indicator (coded on 1 byte, it represents the type of SS7 link: Internal, National or International).
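To show where the one-byte M3UA Network Indicator sits next to the point codes, here is an added example (not part of the original page) that parses the Protocol Data parameter of an M3UA DATA message using the RFC 4666 layout. The function names are hypothetical, and the sample message (point codes 1001 and 2002, routing context 100, payload bytes) is constructed for illustration.

```python
import struct

PROTOCOL_DATA_TAG = 0x0210  # M3UA "Protocol Data" parameter tag (RFC 4666)
# Network Indicator code points as defined for MTP3 (ITU-T Q.704)
NI_NAMES = {0: "International network",
            1: "Spare (for international use only)",
            2: "National network", 3: "Reserved for national use"}

def parse_m3ua_data(msg: bytes) -> dict:
    """Extract the routing label (OPC, DPC, SI, NI, SLS) from an M3UA DATA message."""
    if len(msg) < 8:
        raise ValueError("shorter than the M3UA common header")
    version, _, mclass, mtype, length = struct.unpack("!BBBBI", msg[:8])
    if version != 1 or (mclass, mtype) != (1, 1):
        raise ValueError("not an M3UA v1 Transfer/DATA message")
    if length != len(msg):
        raise ValueError("message length field does not match buffer")
    off = 8
    while off + 4 <= length:
        tag, plen = struct.unpack("!HH", msg[off:off + 4])
        if plen < 4 or off + plen > length:
            raise ValueError("bad parameter length")
        if tag == PROTOCOL_DATA_TAG:
            if plen < 16:
                raise ValueError("truncated Protocol Data parameter")
            opc, dpc, si, ni, _mp, sls = struct.unpack("!IIBBBB", msg[off + 4:off + 16])
            return {"opc": opc, "dpc": dpc, "si": si, "ni": ni,
                    "ni_name": NI_NAMES.get(ni, "invalid"),
                    "sls": sls, "payload": msg[off + 16:off + plen]}
        off += (plen + 3) & ~3  # parameters are padded to a 4-byte boundary
    raise ValueError("no Protocol Data parameter found")

def build_sample() -> bytes:
    """Constructed DATA message: Routing Context 100, then Protocol Data."""
    rc = struct.pack("!HHI", 0x0006, 8, 100)
    pd_val = struct.pack("!IIBBBB", 1001, 2002, 3, 2, 0, 5)  # SI=3 (SCCP), NI=2
    pd_val += b"\x09\x00\x03\x0e\x19"  # constructed placeholder user data
    pd = struct.pack("!HH", PROTOCOL_DATA_TAG, 4 + len(pd_val)) + pd_val
    pd += b"\x00" * (-len(pd) % 4)  # pad the parameter to 4 bytes
    body = rc + pd
    return struct.pack("!BBBBI", 1, 0, 1, 1, 8 + len(body)) + body

if __name__ == "__main__":
    print(parse_m3ua_data(build_sample()))
```

The parser rejects messages whose length field disagrees with the buffer, so a truncated capture raises an error instead of yielding a wrong routing label.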