2013/5/3 Kunc Ondrej DC <[email protected]>
> Hello Wireshark community!
>
> I need to decode BIP / CAT-TP protocol – and am desperately looking for
> any kind of either standalone SW or Wireshark plugin to read it – could you
> please advise if there is such a plugin or any way to decode it? The only
> reference to bip.dll [but maybe it’s just a coincidence of names] I’ve
> found is here
> http://article.gmane.org/gmane.network.wireshark.devel/9668/match=bip but
> it doesn’t help much – I have already written to Jorge but no reply so far.
>
> Thanks a lot for coop / update and have a nice day everyone! :]
>
> Ondrej
>
Hi Ondrej,
in Wireshark 1.10rc1 you have an ETSI CAT dissector embedded. You can call
it by providing directly the proactive command and telling Wireshark how
to decode the payload.
For example let's take the following proactive command BER TLV:
D0 42 81 03 01 40 01 82 02 81 82 35 07 02 03 04 02 09 1F 02 39 02 05 78 47
0A 06 54 65 73 74 47 70 02 72 73 0D 08 F4 55 73 65 72 4C 6F 67 0D 08 F4 55
73 65 72 50 77 64 3C 03 02 AD 9C 3E 05 21 01 01 01 01
You can use text2pcap to build a pcap out of this text dump and select the
user specific DLT 147:
text2pcap -l 147 input.txt output.pcap
Where input.txt is a text file containing the following line (note that I
removed the proactive command tag and the length):
0000 81 03 01 40 01 82 02 81 82 35 07 02 03 04 02 09 1F 02 39 02 05 78 47 0A 06 54 65 73 74 47 70 02 72 73 0D 08 F4 55 73 65 72 4C 6F 67 0D 08 F4 55 73 65 72 50 77 64 3C 03 02 AD 9C 3E 05 21 01 01 01 01
Then open the resulting pcap in Wireshark, select Edit -> Preferences ->
Protocols -> DLT_USER. Click on Edit -> New, select DLT User 0 (DLT=147),
and in the payload protocol enter etsi_cat and click on OK.
Now Wireshark knows how to dissect the payload and you should get the
following output:
Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
DLT: 147, Payload: etsi_cat (Card Application Tookit ETSI TS 102.223)
Card Application Tookit ETSI TS 102.223
Command details: 014001
Command Number: 0x01
Command Type: OPEN CHANNEL (0x40)
Device identity: 8182
Source Device ID: SIM / USIM / UICC (0x81)
Destination Device ID: Terminal (Card Reader) (0x82)
Bearer description: 02030402091f02
Bearer Description: GPRS / UTRAN packet service / E-UTRAN (0x02)
Precedence Class: 3
Delay Class: 4
Reliability Class: 2
Peak Throughput Class: 9
Mean Throuhgput Class: 31
Packet Data Protocol Type: IP (Internet Protocol, IETF STD 5) (2)
Buffer size: 0578
Buffer Size: 1400
Network Access Name: 06546573744770027273
APN: TestGp.rs
Text string: f4557365724c6f67
Text String Encoding: GSM default alphabet, 8 bits (0xf4)
Text String: UserLog
Text string: f455736572507764
Text String Encoding: GSM default alphabet, 8 bits (0xf4)
Text String: UserPwd
UICC/terminal interface transport level: 02ad9c
Transport protocol type: TCP, UICC in client mode, remote connection (0x02)
Transport port: 44444
Other address (data destination address): 2101010101
Coding of Type of address: IPv4 address (0x21)
IPv4 address: 1.1.1.1 (1.1.1.1)
You also have a GSM SIM dissector that can be used to perform the
dissection of the APDU and call the ETSI CAT dissector when needed. Simply
replace the "etsi_cat" protocol name with "gsm_sim".
The following payload:
00 12 00 00 44 D0 42 81 03 01 40 01 82 02 81 82 35 07 02 03 04 02 09 1F 02
39 02 05 78 47 0A 06 54 65 73 74 47 70 02 72 73 0D 08 F4 55 73 65 72 4C 6F
67 0D 08 F4 55 73 65 72 50 77 64 3C 03 02 AD 9C 3E 05 21 01 01 01 01 90 00
Will be dissected as:
Frame 1: 75 bytes on wire (600 bits), 75 bytes captured (600 bits)
DLT: 147, Payload: gsm_sim (GSM SIM 11.11)
GSM SIM 11.11
Class: Unknown (0x00)
Instruction: FETCH (0x12)
Length of Expected Response Data: 68
BER-TLV Tag: Proactive Command (0xd0)
Card Application Tookit ETSI TS 102.223
Command details: 014001
Command Number: 0x01
Command Type: OPEN CHANNEL (0x40)
Device identity: 8182
Source Device ID: SIM / USIM / UICC (0x81)
Destination Device ID: Terminal (Card Reader) (0x82)
Bearer description: 02030402091f02
Bearer Description: GPRS / UTRAN packet service / E-UTRAN (0x02)
Precedence Class: 3
Delay Class: 4
Reliability Class: 2
Peak Throughput Class: 9
Mean Throuhgput Class: 31
Packet Data Protocol Type: IP (Internet Protocol, IETF STD 5) (2)
Buffer size: 0578
Buffer Size: 1400
Network Access Name: 06546573744770027273
APN: TestGp.rs
Text string: f4557365724c6f67
Text String Encoding: GSM default alphabet, 8 bits (0xf4)
Text String: UserLog
Text string: f455736572507764
Text String Encoding: GSM default alphabet, 8 bits (0xf4)
Text String: UserPwd
UICC/terminal interface transport level: 02ad9c
Transport protocol type: TCP, UICC in client mode, remote connection (0x02)
Transport port: 44444
Other address (data destination address): 2101010101
Coding of Type of address: IPv4 address (0x21)
IPv4 address: 1.1.1.1 (1.1.1.1)
Status Word: 9000 Normal ending of the command
Then you can easily script the call to text2pcap to automate the pcap
creation.
Have fun,
Pascal.
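
The scripting step mentioned at the end of the reply, as an added example that is not part of the original message or of Wireshark: it strips the D0 tag and length, checks that every TLV length stays inside the command, writes the text2pcap input with offsets and runs the command from the reply. The function names and the 16-byte row width are choices made here, and only the one-byte and 0x81-prefixed length forms are handled.

```python
import shutil
import subprocess

SAMPLE = (  # the proactive command quoted in the reply above
    "D0 42 81 03 01 40 01 82 02 81 82 35 07 02 03 04 02 09 1F 02 39 02 05 78 47 "
    "0A 06 54 65 73 74 47 70 02 72 73 0D 08 F4 55 73 65 72 4C 6F 67 0D 08 F4 55 "
    "73 65 72 50 77 64 3C 03 02 AD 9C 3E 05 21 01 01 01 01"
)

def read_length(data, pos):
    """Decode a length at data[pos]: one byte below 0x80, or 0x81 plus one byte."""
    if pos < len(data) and data[pos] < 0x80:
        return data[pos], pos + 1
    if pos + 1 < len(data) and data[pos] == 0x81:
        return data[pos + 1], pos + 2
    raise ValueError(f"missing or unsupported length field at offset {pos}")

def strip_proactive_header(data):
    """Drop the D0 tag and its length after checking the length covers the body."""
    if not data or data[0] != 0xD0:  # BER-TLV tag of a proactive command
        raise ValueError("first byte is not the proactive command tag D0")
    length, pos = read_length(data, 1)
    if len(data) - pos != length:
        raise ValueError(f"length field says {length}, body has {len(data) - pos}")
    return data[pos:]

def tlv_tags(body):
    """Walk the TLVs inside the command; reject one that overruns the buffer."""
    tags, pos = [], 0
    while pos < len(body):
        tag = body[pos]
        length, pos = read_length(body, pos + 1)
        if pos + length > len(body):
            raise ValueError(f"TLV 0x{tag:02x} runs past the end of the command")
        tags.append(tag)
        pos += length
    return tags

def to_text2pcap(payload, width=16):
    """Render one packet as offset-prefixed hex rows, the input text2pcap reads."""
    rows = [f"{off:06x} " + " ".join(f"{b:02x}" for b in payload[off:off + width])
            for off in range(0, len(payload), width)]
    return "\n".join(rows) + "\n"

if __name__ == "__main__":
    body = strip_proactive_header(bytes.fromhex(SAMPLE))
    print("TLV tags:", " ".join(f"{t:02X}" for t in tlv_tags(body)))
    with open("input.txt", "w") as fh:
        fh.write(to_text2pcap(body))
    if shutil.which("text2pcap"):  # same command as in the reply
        subprocess.run(["text2pcap", "-l", "147", "input.txt", "output.pcap"], check=True)
```

A truncated or mis-copied dump fails in `strip_proactive_header` or `tlv_tags` before any pcap is written, which is easier to spot than a malformed-packet entry in the dissection.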