PGW snooper for M3UA/SCTP

Answered Question
Jul 29th, 2010

Has anyone been able to use the PGW snooper application to capture M3UA/SCTP traffic? I've tried to select the port number in seedfile.txt but does not appear to work. Any help and seedfile entries would be appreciated.

I have this problem too.
0 votes
Correct Answer by scpage about 6 years 4 months ago

Sigtran wasn't supported in snooper.  It was later supported in the successor product named PTC-MT.  Neither supported at this time.

The alternative is to just use the Unix command snoop and capture to file, then open in Wireshark.

i.e.

To start capture...

snoop -d -o port &    *Where int1 is output of "ifconfig -a" that carries signaling traffic for network1

snoop -d -o port &    *Where int2 is output of "ifconfig -a" that carries signaling traffic for network2

To stop capture...

pkill snoop

Pull both files and open first in Wireshark, then use Merge and merge both files chronologically.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
scpage Thu, 07/29/2010 - 11:51

Sigtran wasn't supported in snooper.  It was later supported in the successor product named PTC-MT.  Neither supported at this time.

The alternative is to just use the Unix command snoop and capture to file, then open in Wireshark.

i.e.

To start capture...

snoop -d -o port &    *Where int1 is output of "ifconfig -a" that carries signaling traffic for network1

snoop -d -o port &    *Where int2 is output of "ifconfig -a" that carries signaling traffic for network2

To stop capture...

pkill snoop

Pull both files and open first in Wireshark, then use Merge and merge both files chronologically.

econneely Wed, 08/04/2010 - 22:50

Yes, that works great - thanks. But I do have PCT-MT v2 and the release notes tell me it does support M3UA.

scpage Thu, 08/05/2010 - 12:37

I could only find version 1.1.  It seems to work there...

Add these to your seedfile (adjust the ports to match your SCTP port numbers and adjust ISUP variant)

*.*.*.* 2909 *.*.*.* 2909 SS7 M3UA ANSI RFC
*.*.*.* 2905 *.*.*.* 2905 SS7 M3UA ITU RFC

Then...

# ./ptcmt int bge1 ss7


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!                                                                                   !!!!
!!!!    Cisco Packet Telephony Center Monitoring and Troubleshooting Tool (PTC-MT)     !!!!
!!!!                                                                                   !!!!
!!!!    The software is for use only by or under the direct supervision of             !!!!
!!!!    authorized personnel or an authorized agent of Cisco Systems, Inc.  If you     !!!!
!!!!    are not an authorized Cisco agent or are not using the software under the      !!!!
!!!!    direct supervision of a Cisco agent, Cisco grants you no right or license to   !!!!
!!!!    this software, and you must immediately terminate your use of the software     !!!!
!!!!    and delete or return the software to Cisco. By continuing to use the           !!!!
!!!!    software, you represent that you are an agent of Cisco or that you are under   !!!!
!!!!    the direct supervision of an agent of Cisco authorized to use this             !!!!
!!!!    software.                                                                      !!!!
!!!!                                                                                   !!!!
!!!!    Please wait a little.... PTC-MT will start in less than 5 seconds.             !!!!
!!!!                                                                                   !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


**********************************************************
* 07 PTC-MT WARNING: Profile file "master.cfg" not found *
**********************************************************
********************************************************
* 07 PTC-MT WARNING: Profile file "user.cfg" not found *
********************************************************
***************************************************************
* 03 PTC-MT INFO: PTC-MT is listening on interface "bge1".... *
***************************************************************

----------------------
SS7 MESSAGES DISPLAY  
----------------------

                                                                Ser
Time stamp       OPC                  DPC                  Var  Ind.     Msg  Data   
-------------------------------------------------------------------------------------------------------
First packet received - 08/05/2010


15:42:06.021479  007-254-004          100-020-001          ANSI ISUP. -> RLC (10) CIC=00703 
                                                                         SLS=000 Pr:0 Ni:INTL

15:42:07.001552  007-254-004          100-020-001          ANSI ISUP. -> IAM (01) CIC=00703  CDPN=8193467450 CGPN=7034041234
                                                                         SLS=000 Pr:0 Ni:INTL

mstormi Tue, 08/17/2010 - 02:55

There were bugs in latest snooper/PTC-MT in M3UA decoding that you might hit.

I also vaguely recall that the SPARC version did work but the Opteron version simply

didn't output M3UA. That was more or less the latest version when Cisco stopped

development.

We moved to wireshark. There's a version available that can decode

proprietary stuff like EISUP or RLM, so there's no reason any more to stick with

snooper (although I, too, liked it better. In CLI mode, it's still much more handy

than wireshark is).

rgds

MS

Actions

This Discussion