Appearance
Skip to content
SS7
有关 SS7 的定义,请参见:http://en.wikipedia.org/wiki/SS7
有关 SS7 在移动电话中的使用的更多信息,请查看 GSM 标准/规范。
在 Wireshark 中抓取 SS7 流量
SS7 协议通常通过两种方式传输:通过 IP(SIGTRAN)或通过 TDM 链路(E1/T1/T3/J1)。
要抓取 SS7-over-IP,只需在相应的网络适配器上抓包;Wireshark 支持大多数用于通过 IP 传输 SS7 的 SIGTRAN 协议——SCTP、M2UA、M3UA、SUA——因此抓取 SS7 over IP 的方式与抓取任何其他 IP 协议相同。
要抓取 SS7-over-TDM,则需要专用硬件,以及经过修改以支持该硬件的 libpcap/WinPcap 版本。详情请参见 CaptureSetup/SS7 页面。
SS7 协议
SS7 协议栈由一组相关协议组成:
| ISUP | ALCAP | H248 | BSSAP | RANAP | MAP | INAP | CAMEL
| TCAP
| | SCCP | SUA
| | | MTP3b | MTP3 | M3UA
| SSCF-NNI | MTP2 | M2UA
| SCTP
| ATM | E1/T1/J1 | IP
| | | | | SS7
| | SIGTRAN
| | 应用协议
| | 传输
|
SIGTRAN 是一组用于在 IP 网络上传输信令(SS7)的协议。SIGTRAN 中的每个协议在逻辑上替代 SS7 协议栈中的一个协议(例如 M3UA 替代 MTP3)。
示例抓包文件
在 TDM 链路上抓取的 GSM MAP packet 示例。
No. Time Source Destination Protocol Info 2698 0.022371 7 2 GSM MAP Invoke processUnstructuredSS-RequestFrame 2698 (99 bytes on wire, 99 bytes captured) Arrival Time: Aug 12, 2005 14:39:35.572690000 Time delta from previous packet: 0.022371000 seconds Time since reference or first frame: 41.288610000 seconds Frame Number: 2698 Packet Length: 99 bytes Capture Length: 99 bytes Protocols in frame: mtp2:mtp3:sccp:tcap:gsm_mapMessage Transfer Part Level 2 .101 0101 = Backward sequence number: 85 1... .... = Backward indicator bit: 1 .101 1000 = Forward sequence number: 88 1... .... = Forward indicator bit: 1 ..11 1111 = Length Indicator: 63 00.. .... = Spare: 0Message Transfer Part Level 3 Service information octet 10.. .... = Network indicator: National network (0x02) ..00 .... = Spare: 0x00 .... 0011 = Service indicator: SCCP (0x03) Routing label .... .... .... .... ..00 0000 0000 0010 = DPC: 2 .... 0000 0000 0001 11.. .... .... .... = OPC: 7 0001 .... .... .... .... .... .... .... = Signalling Link Selector: 1Signalling Connection Control Part Message Type: Unitdata (0x09) .... 0000 = Class: 0x00 0000 .... = Message handling: No special options (0x00) Pointer to first Mandatory Variable parameter: 3 Pointer to second Mandatory Variable parameter: 5 Pointer to third Mandatory Variable parameter: 9 Called Party address (2 bytes) Address Indicator .1.. .... = Routing Indicator: Route on SSN (0x01) ..00 00.. = Global Title Indicator: No Global Title (0x00) .... ..1. = SubSystem Number Indicator: SSN present (0x01) .... ...0 = Point Code Indicator: Point Code not present (0x00) SubSystem Number: MSC (Mobile Switching Center) (8) Calling Party address (4 bytes) Address Indicator .1.. .... = Routing Indicator: Route on SSN (0x01) ..00 00.. = Global Title Indicator: No Global Title (0x00) .... ..1. = SubSystem Number Indicator: SSN present (0x01) .... ...1 = Point Code Indicator: Point Code present (0x01) ..00 0000 0000 0111 = PC: 7 SubSystem Number: ISDN User Part (3)Transaction Capabilities Application Part begin otid: 03C30300 dialoguePortion: 281C060700118605010101A011600F80020780A109060704... oid: 0.0.17.773.1.1.1 (itu-t(0) recommendation(0) q(17) 773 as(1) dialogue-as(1) version1(1)) dialog: 600F80020780A109060704000001001302 dialogueRequest Padding: 7 protocol-versionrq: 80 (version1) 1... .... = version1: True application-context-name: 0.4.0.0.1.0.19.2 components:GSM Mobile Application invoke invokeId: invokeid (0) invokeid: 1 invokeCmd: processUnstructuredSS-Request (59) ussd-DataCodingScheme: 00 ussd-String: AA182C368AC966B49A6D74C3E560 msisdn: 91030000 1... .... = Extension: No Extension .001 .... = Nature of number: International Number (0x01) .... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164) (0x01) ISDN Address digits: 3000显示列中的 SS7 point codes
在 SS7 中,与源地址和目的地址等价的是“point codes”。Wireshark 允许在源地址和目的地址中用 point codes 替代 IP address 显示。要这样做,请进入 Edit/Preferences 菜单并选择 User Interface/Columns 条目。对于 Source 列,在下拉列表中选择 “Net Src addr”;对于 Destination 列,选择 “Net dest addr”。
外部链接
SS7/C7 tutorial/overview
SS7/C7 Discussion Forum
讨论
Imported from https://wiki.wireshark.org/SS7 on 2020-08-11 23:25:49 UTC