On Feb 1, 2008, at 1:15 PM, Kokab Naqvi wrote:
> I am a wireless GSM engineer. I am using a Data collection Software
> TEMS Investigation to access a 3G UMTS network for Voice, Video, FTP
> and HTTP calls through a TEST phone which is connected with my
> laptop by USB port. Apart of it I am also running the WIRESHARK in
> parellel to capture the packets.
>
> For FTP and HTTP ( Packet Switch Services ) . It works fine. When I
> make a FTP or HTTP connection, a new interface called as WAN (PPP/
> SLIP) , it creates and I capture the traffic and can see the all the
> packet information.
>
> The problem is with Circuit Switch calls like Voice and Video. I
> cannot see any new interface to capture when I make Voice or Video
> calls. I also tried to see the option for selecting the ports in
> WIRESHARK so that I could select the port with which my mobile is
> connected then WIRESHACK might be able to capture the traffic coming
> in and out of that port.But unfortuantely I was not able to see any
> option for PORTS.
The answer to the question you ask in the subject line depends on what
you mean by "support".
A *very* fundamental thing to bear in mind about Wireshark is that it
performs two separate functions:
1) capturing network traffic;
2) decoding network traffic.
The fact that Wireshark can capture a given type of network traffic
doesn't guarantee that it can completely dissect that traffic, and the
fact that Wireshark can dissect a given type of network traffic
doesn't guarantee that it can capture that type of traffic.
If some proprietary secret protocol is being sent over TCP on an
Ethernet, Wireshark will be able to capture that traffic, but it won't
be able to dissect the proprietary protocol, as, given that the
protocol is secret, unless somebody's managed to reverse-engineer the
protocol, it won't be possible to write a dissector for that protocol.
If Wireshark can read a capture file from some specialized piece of
capture hardware, it might be able to dissect all the protocols in
that capture file - however, there might not be any hardware on the
machine on which Wireshark is running to perform that capture.
In addition, there might be some protocols that can be carried atop
multiple other protocols, and Wireshark might be able to capture them
when they're carried atop some link layers but not when they're
carried atop other link layers.
Unless the firmware on your test phone can be put into a mode where it
directly passes a copy of its UMTS traffic to the host over the USB
connection, and unless there's a driver for your test phone that
allows an application on your machine to read that traffic, it will be
impossible to capture it with Wireshark. If such a driver exists, it
might be possible to extend libpcap/WinPcap to use that driver, and to
have Wireshark be able to read the type of traffic it would get from
libpcap/WinPcap.
I suspect your test phone is running the TEMS Pocket software:
http://www.ericsson.com/solutions/tems/realtime_diagnostics/pocket.shtml
http://www.ericsson.com/solutions/tems/realtime_diagnostics/downloads/tems_pocket_5.3.pdf
and I didn't see anything obvious there about being able to feed raw
traffic to the host. It does appear to have the ability to save some
information to a logfile, but I don't know whether that information
would be raw traffic or just statistical data. Wireshark doesn't know
anything about those logfiles; we'd either need a description of the
format of the files, or some of the files plus detailed information
about their contents (such as what the content of the captured
messages is) so that we can reverse-engineer that frmat, in order to
make Wireshark able to read them.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
