07-29-2010 06:43 AM
Has anyone been able to use the PGW snooper application to capture M3UA/SCTP traffic? I've tried to select the port number in seedfile.txt but it does not appear to work. Any help and seedfile entries would be appreciated.
07-29-2010 11:51 AM
Sigtran wasn't supported in snooper. It was later supported in the successor product named PTC-MT. Neither is supported at this time.
The alternative is to just use the Unix command snoop and capture to file, then open in Wireshark.
i.e.
To start capture...
snoop -d
snoop -d
To stop capture...
pkill snoop
Pull both files and open first in Wireshark, then use Merge and merge both files chronologically.
08-04-2010 10:50 PM
Yes, that works great - thanks. But I do have PTC-MT v2 and the release notes tell me it does support M3UA.
08-05-2010 12:37 PM
I could only find version 1.1. It seems to work there...
Add these to your seedfile (adjust the ports to match your SCTP port numbers and adjust ISUP variant)
*.*.*.* 2909 *.*.*.* 2909 SS7 M3UA ANSI RFC
*.*.*.* 2905 *.*.*.* 2905 SS7 M3UA ITU RFC
Then...
# ./ptcmt int bge1 ss7
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!! !!!!
!!!! Cisco Packet Telephony Center Monitoring and Troubleshooting Tool (PTC-MT) !!!!
!!!! !!!!
!!!! The software is for use only by or under the direct supervision of !!!!
!!!! authorized personnel or an authorized agent of Cisco Systems, Inc. If you !!!!
!!!! are not an authorized Cisco agent or are not using the software under the !!!!
!!!! direct supervision of a Cisco agent, Cisco grants you no right or license to !!!!
!!!! this software, and you must immediately terminate your use of the software !!!!
!!!! and delete or return the software to Cisco. By continuing to use the !!!!
!!!! software, you represent that you are an agent of Cisco or that you are under !!!!
!!!! the direct supervision of an agent of Cisco authorized to use this !!!!
!!!! software. !!!!
!!!! !!!!
!!!! Please wait a little.... PTC-MT will start in less than 5 seconds. !!!!
!!!! !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
**********************************************************
* 07 PTC-MT WARNING: Profile file "master.cfg" not found *
**********************************************************
********************************************************
* 07 PTC-MT WARNING: Profile file "user.cfg" not found *
********************************************************
***************************************************************
* 03 PTC-MT INFO: PTC-MT is listening on interface "bge1".... *
***************************************************************
----------------------
SS7 MESSAGES DISPLAY
----------------------
Ser
Time stamp OPC DPC Var Ind. Msg Data
-------------------------------------------------------------------------------------------------------
First packet received - 08/05/2010
15:42:06.021479 007-254-004 100-020-001 ANSI ISUP. -> RLC (10) CIC=00703
SLS=000 Pr:0 Ni:INTL
15:42:07.001552 007-254-004 100-020-001 ANSI ISUP. -> IAM (01) CIC=00703 CDPN=8193467450 CGPN=7034041234
SLS=000 Pr:0 Ni:INTL
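Added example (not part of the original post and not Cisco code): one way to confirm which SCTP ports actually carry M3UA before adjusting the seedfile ports, by looking for DATA chunks whose payload protocol identifier is 3 (M3UA) and reading the M3UA common header. The function names are hypothetical, the input is assumed to be the SCTP portion of a packet already extracted from a capture, and the sample packet is constructed.

```python
import struct

M3UA_PPID = 3  # SCTP payload protocol identifier registered for M3UA
M3UA_CLASSES = {0: "MGMT", 1: "Transfer", 2: "SSNM", 3: "ASPSM", 4: "ASPTM", 9: "RKM"}

def m3ua_in_sctp(sctp: bytes):
    """Return (src_port, dst_port, [(class_name, msg_type), ...]) for one SCTP packet."""
    if len(sctp) < 12:
        raise ValueError("truncated SCTP common header")
    sport, dport = struct.unpack_from("!HH", sctp, 0)
    found, off = [], 12
    while off + 4 <= len(sctp):
        ctype, _flags, clen = struct.unpack_from("!BBH", sctp, off)
        if clen < 4 or off + clen > len(sctp):
            break  # malformed or truncated chunk: stop parsing
        # DATA chunk (type 0): 16-byte header ending in the PPID, then user data
        if ctype == 0 and clen >= 16 + 8:
            (ppid,) = struct.unpack_from("!I", sctp, off + 12)
            ver, _rsvd, mclass, mtype = struct.unpack_from("!BBBB", sctp, off + 16)
            if ppid == M3UA_PPID and ver == 1:
                found.append((M3UA_CLASSES.get(mclass, str(mclass)), mtype))
        off += (clen + 3) & ~3  # chunks are padded to a 4-byte boundary
    return sport, dport, found

def seedfile_line(port: int, variant: str) -> str:
    """Format a port in the layout of the seedfile entries quoted in the post."""
    return f"*.*.*.* {port} *.*.*.* {port} SS7 M3UA {variant} RFC"

def build_sample(port: int, ppid: int, mclass: int, mtype: int, body: bytes = b"") -> bytes:
    """Constructed test packet: SCTP header plus one DATA chunk (checksum left 0)."""
    msg = struct.pack("!BBBBI", 1, 0, mclass, mtype, 8 + len(body)) + body
    clen = 16 + len(msg)
    chunk = struct.pack("!BBHIHHI", 0, 3, clen, 1, 0, 0, ppid) + msg
    return struct.pack("!HHII", port, port, 0, 0) + chunk + b"\x00" * (-clen % 4)

if __name__ == "__main__":
    pkt = build_sample(2905, M3UA_PPID, 1, 1, b"\x00" * 5)  # Transfer / DATA
    sport, dport, msgs = m3ua_in_sctp(pkt)
    if msgs:
        print(msgs, seedfile_line(dport, "ITU"))
```

The ISUP variant (ANSI or ITU) is not derived from the M3UA header here; it is supplied by the caller.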
08-17-2010 02:55 AM
There were bugs in latest snooper/PTC-MT in M3UA decoding that you might hit.
I also vaguely recall that the SPARC version did work but the Opteron version simply
didn't output M3UA. That was more or less the latest version when Cisco stopped
development.
We moved to wireshark. There's a version available that can decode
proprietary stuff like EISUP or RLM, so there's no reason any more to stick with
snooper (although I, too, liked it better. In CLI mode, it's still much more handy
than wireshark is).
rgds
MS