OpenLI Testing Tools

From neil.tappsville.com

General Tools

yum install nc tcpdump

Wireshark

Export Packet Bytes from Wireshark, then pipe them to a collector.

nc -u -n [ipaddress] [port] < radius_message.hex

Use WAND tracereplay to replay a pcap file to an interface (the collector will need to be configured to listen on the original IP and port used in the capture)

tracereplay -b pcap:[pcapfile.pcap] int:[interfacename]


Pretending to be an LEA

OpenLI / WAND Libtrace

Supports both HI2 and HI3

Warning: Shares the same code as OpenLI, so validate against the standards or a third-party tool

yum install libtrace4-tools 
sudo tracepktdump etsilive:[IPADDRESS]:[PORT]

HI2 Sample:

Fri Nov 15 15:15:46 2019
 Capture: Packet Length: 193/193 Direction Value: -1
 ETSILI: pS-PDU:
 ETSILI:   PSHeader:
 ETSILI:     li-psDomainId: 0.4.0.2.2.5.1.17.0
 ETSILI:     lawfulInterceptionIdentifier: isplabneil2
 ETSILI:     authorizationCountryCode: NZ
 ETSILI:     communicationIdentifier:
 ETSILI:       networkIdentifier:
 ETSILI:         operatorIdentifier: RSP123
 ETSILI:         networkElementIdentifier: ABC
 ETSILI:       communicationIdentifier: 781285540
 ETSILI:       deliveryCountryCode: NZ
 ETSILI:     sequenceNumber: 17
 ETSILI:     interceptionPointID: liprov1
 ETSILI:     microSecondTimeStamp:
 ETSILI:       seconds: 1573784146
 ETSILI:       microSeconds: 257600
 ETSILI:     timeStampQualifier: timeOfInterception
 ETSILI:   Payload:
 ETSILI:     iRIPayloadSequence:
 ETSILI:       IRIPayload:
 ETSILI:         iRIType: IRI-Continue
 ETSILI:         iRIContents:
 ETSILI:           iPIRI:
 ETSILI:             iPIRIObjId: .5.3.10.1
 ETSILI:             iPIRIContents:
 ETSILI:               accessEventType: interimUpdate
 ETSILI:               targetUsername: CUSTOMER12345768
 ETSILI:               internetAccessType: Fiber
 ETSILI:               pOPPortNumber: 816
 ETSILI:               octetsReceived: 78442
 ETSILI:               octetsTransmitted: 78280
 ETSILI:               pOPIdentifier:
 ETSILI:                 printableIDType: isp-bng-2
 ETSILI:               pOPIPAddress:
 ETSILI:                 iP-type: IPv4
 ETSILI:                 iP-value:
 ETSILI:                   iPBinaryAddress: 100.100.10.10
 ETSILI:                 iP-assignment: Not Known
 ETSILI:                 iPv4SubnetMask: 255.255.255.255
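One way to check a delivery for lost records, as an added example (not from the original page or from OpenLI): it parses tracepktdump text output in the layout of the HI2 sample above and reports breaks in sequenceNumber per LIID and communicationIdentifier. It assumes the numbers increase by one within each such stream and that the input comes from a single handover; the function names and the constructed sample records are hypothetical.

```python
import re
import sys

FIELD = re.compile(r"^\s*ETSILI:\s+([\w-]+):\s*(.*)$")
WANTED = {"lawfulInterceptionIdentifier": "liid",
          "communicationIdentifier": "cin",
          "sequenceNumber": "seq"}

def parse_records(text):
    """Yield one dict per pS-PDU found in tracepktdump text output."""
    rec = None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue                      # date and Capture lines
        key, value = m.group(1), m.group(2).strip()
        if key == "pS-PDU":               # start of a new record
            if rec:
                yield rec
            rec = {}
        elif rec is not None and key in WANTED and value:
            # communicationIdentifier appears twice; only the inner one has a value
            rec[WANTED[key]] = value
    if rec:
        yield rec

def find_gaps(records):
    """Return (liid, cin, expected, got) for every break in sequenceNumber order."""
    last, problems = {}, []
    for r in records:
        if not {"liid", "cin", "seq"} <= r.keys():
            continue                      # incomplete header, nothing to compare
        stream, seq = (r["liid"], r["cin"]), int(r["seq"])
        if stream in last and seq != last[stream] + 1:
            problems.append((*stream, last[stream] + 1, seq))
        last[stream] = seq
    return problems

def _pdu(liid, cin, seq):
    # Constructed record in the layout shown above, trimmed to the header fields.
    return (" ETSILI: pS-PDU:\n ETSILI:   PSHeader:\n"
            f" ETSILI:     lawfulInterceptionIdentifier: {liid}\n"
            " ETSILI:     communicationIdentifier:\n"
            f" ETSILI:       communicationIdentifier: {cin}\n"
            f" ETSILI:     sequenceNumber: {seq}\n")

# Constructed input: one stream with record 19 missing, one single-record stream.
SAMPLE = ("".join(_pdu("isplabneil2", "781285540", s) for s in (17, 18, 20))
          + _pdu("isplabneil2", "781285541", 0))

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for liid, cin, want, got in find_gaps(parse_records(text)):
        print(f"LIID {liid} CIN {cin}: expected sequenceNumber {want}, got {got}")
```

Feed it saved tracepktdump output on stdin; run from a terminal with no piped input, it checks the constructed sample.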

Convert ETSI HI3 (102.232) stream into a pcap

tracesplit etsilive:192.168.1.1:30003 pcapfile:myfirstpcap.pcap

Cyberprobe

We only use a small part of the tool, but it will accept all HI3 IP CC packets and pipe them out in pcap format.

wget https://github.com/cybermaggedon/cyberprobe/releases/download/v1.9.11/centos-cyberprobe-1.9.11-1.el7.centos.x86_64.rpm
yum install centos-cyberprobe-1.9.11-1.el7.centos.x86_64.rpm
etsi-rcvr 44444 | tcpdump -n -r -

asn1Browser

http://www.unigone.com/en/asn1-solutions/asn1browser/ A great visual tool. It requires a licence (which does not cost that much) and has the added benefit of checking that most fields are valid (both as ASN.1 and in relation to the schema). It also includes decoding of related standards, i.e. SMS content and PSTN/POTS ISUP signalling. It can read ASN.1 files (100MB files are OK) and PCAPs (it doesn't format the information the same way), and works really well as a man-in-the-middle (so you will need to use nc to accept the stream).


Axel

Use axel to download with x number of threads to maximise the throughput and ensure the collectors do not drop packets: https://github.com/axel-download-accelerator/axel