Live signalling capture by tbsigtrace

From TBwiki
(Difference between revisions)
Line 28: Line 28:
 
==== Execute the command to capture the signalling accordingly  ====
 
==== Execute the command to capture the signalling accordingly  ====
  
For SS7 capbure
+
For SS7 capture
 
   plink.exe -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] [dir]/tbsigtrace_2_7_10 -stdout -ss7 | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
 
   plink.exe -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] [dir]/tbsigtrace_2_7_10 -stdout -ss7 | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
 
    
 
    
Line 34: Line 34:
 
   plink.exe -ssh root@10.10.10.10 -P 22 -pw mypassword /root/tbsigtrace_2_7_10 -stdout -ss7 | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
 
   plink.exe -ssh root@10.10.10.10 -P 22 -pw mypassword /root/tbsigtrace_2_7_10 -stdout -ss7 | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
  
For ISDN capbure
+
For ISDN capture
 
   plink.exe -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] [dir]/tbsigtrace_2_7_10 -stdout -isdn | "C:\Program Files\Wireshark\wireshark.exe" -k -i -  
 
   plink.exe -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] [dir]/tbsigtrace_2_7_10 -stdout -isdn | "C:\Program Files\Wireshark\wireshark.exe" -k -i -  
  
Line 40: Line 40:
 
   plink.exe -ssh root@10.10.10.10 -P 22 -pw mypassword /root/tbsigtrace_2_7_10 -stdout -isdn | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
 
   plink.exe -ssh root@10.10.10.10 -P 22 -pw mypassword /root/tbsigtrace_2_7_10 -stdout -isdn | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
  
For SIP or SIGTRAN capbure
+
For SIP or SIGTRAN capture
 
   plink.exe -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] [dir]/tbsigtrace_2_7_10 -stdout -ip | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
 
   plink.exe -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] [dir]/tbsigtrace_2_7_10 -stdout -ip | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
 
   ex.
 
   ex.
 
   plink.exe -ssh root@10.10.10.10 -P 22 -pw mypassword /root/tbsigtrace_2_7_10 -stdout -ip | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
 
   plink.exe -ssh root@10.10.10.10 -P 22 -pw mypassword /root/tbsigtrace_2_7_10 -stdout -ip | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
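Review bot: the command lines left unchanged around these heading fixes still pass the root SSH password with -pw (for example "-pw mypassword"), which puts it in the process arguments and command history on the Windows host. Since the section is being edited anyway, add a sentence recommending key authentication (plink -i keyfile) for these captures. The "capbure" to "capture" corrections in the SS7, ISDN and SIP/SIGTRAN headings are correct.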

Revision as of 14:16, 13 November 2012

You can now run tbsigtrace and pipe its output directly into Wireshark over SSH to get a live capture of SS7, ISDN or IP signalling (not all in the same Wireshark window). The procedure is as follows:



Download plink

  Download plink - http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe
  Place it in the C:\Program Files\Putty directory

Download tbsigtrace version 2.7

If not using version 2.7, download the attached tbsigtrace onto the unit (/root directory or any other valid directory).

CentOS version ppc version

Note: Unzip the file so that it gives you the executable file tbsigtrace_2_7_10_centos or tbsigtrace_2_7_10_ppc.

Upload tbsigtrace to toolpack server

Rename tbsigtrace_2_7_10_centos or tbsigtrace_2_7_10_ppc to "tbsigtrace_2_7_10" and upload it to the toolpack server /root directory or any other valid directory.

Execute the command to capture the signalling accordingly

For SS7 capture

 plink.exe -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] [dir]/tbsigtrace_2_7_10 -stdout -ss7 | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
 
 ex. 
 plink.exe -ssh root@10.10.10.10 -P 22 -pw mypassword /root/tbsigtrace_2_7_10 -stdout -ss7 | "C:\Program Files\Wireshark\wireshark.exe" -k -i -

For ISDN capture

 plink.exe -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] [dir]/tbsigtrace_2_7_10 -stdout -isdn | "C:\Program Files\Wireshark\wireshark.exe" -k -i - 
 ex.
 plink.exe -ssh root@10.10.10.10 -P 22 -pw mypassword /root/tbsigtrace_2_7_10 -stdout -isdn | "C:\Program Files\Wireshark\wireshark.exe" -k -i -

For SIP or SIGTRAN capture

 plink.exe -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] [dir]/tbsigtrace_2_7_10 -stdout -ip | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
 ex.
 plink.exe -ssh root@10.10.10.10 -P 22 -pw mypassword /root/tbsigtrace_2_7_10 -stdout -ip | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
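
The same capture using SSH key authentication and a pinned host key in place of `-pw`, which exposes the root password in the process arguments and command history. This batch wrapper is an added example, not part of the original wiki page; the key file path, the host key fingerprint placeholder and the matching public key being installed in root's authorized_keys on the unit are assumptions.

```batch
@echo off
rem Added example (not from the original page): live tbsigtrace capture into
rem Wireshark without putting the SSH password on the command line.
rem Assumed placeholders, adjust to your site: UNIT, PORT, TRACE, KEYFILE, HOSTKEY.
setlocal

set "UNIT=10.10.10.10"
set "PORT=22"
set "TRACE=/root/tbsigtrace_2_7_10"
set "KEYFILE=%USERPROFILE%\.ssh\toolpack_capture.ppk"
set "HOSTKEY=SHA256:REPLACE_WITH_UNIT_HOST_KEY_FINGERPRINT"
set "PLINK=C:\Program Files\Putty\plink.exe"
set "WIRESHARK=C:\Program Files\Wireshark\wireshark.exe"

rem First argument selects the capture type used on this page: ss7, isdn or ip.
rem Only these three lowercase values are accepted, so nothing else reaches the remote command.
set "MODE=%~1"
if "%MODE%"=="ss7"  goto run
if "%MODE%"=="isdn" goto run
if "%MODE%"=="ip"   goto run
echo Usage: %~nx0 ss7^|isdn^|ip
exit /b 1

:run
if not exist "%KEYFILE%" (
    echo Private key not found: %KEYFILE%
    exit /b 1
)
rem -batch   : fail instead of waiting on an interactive prompt
rem -hostkey : accept only the pinned host key of the unit
rem -i       : authenticate with the private key file instead of -pw
"%PLINK%" -ssh -batch -P %PORT% -i "%KEYFILE%" -hostkey "%HOSTKEY%" root@%UNIT% %TRACE% -stdout -%MODE% | "%WIRESHARK%" -k -i -
exit /b %errorlevel%
```

With `-batch`, a passphrase-protected key must already be loaded in Pageant, otherwise plink exits instead of prompting.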