Difference between revisions of "OpenLI Testing Tools"
(4 intermediate revisions by the same user not shown) | |||
Line 5: | Line 5: | ||
yum install nc tcpdump | yum install nc tcpdump | ||
</code> | </code> | ||
+ | |||
+ | [[Wireshark]] | ||
+ | |||
+ | Export Packet Bytes from Wireshark, then pipe them to a collector. | ||
+ | |||
+ | <code>nc -u -n [ipaddress] [port] < radius_message.hex</code> | ||
+ | |||
+ | Use WAND tracereplay to replay a pcap file to an interface (will need to configure the collector to listen for the original IP and port as used in the capture) | ||
+ | |||
+ | <code>tracereplay -b pcap:[pcapfile.pcap] int:[interfacename]</code> | ||
+ | |||
+ | |||
===Pretending to be an LEA=== | ===Pretending to be an LEA=== | ||
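Review bot: The added `nc -u -n [ipaddress] [port] < radius_message.hex` line sends the file's bytes exactly as stored, but the `.hex` name suggests a hex text dump. State that Export Packet Bytes must be saved as raw binary, or rename the file (for example `radius_message.bin`), so readers do not send ASCII hex to the collector. The bare `[[Wireshark]]` line also reads as a stray link; a short heading or a sentence would make its purpose clear.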
Line 61: | Line 73: | ||
</pre> | </pre> | ||
+ | |||
+ | Convert ETSI HI3 (102.232) stream into a pcap | ||
+ | tracesplit etsilive:192.168.1.1:30003 pcapfile:myfirstpcap.pcap | ||
====Cyberprobe ==== | ====Cyberprobe ==== | ||
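Review bot: The added `tracesplit etsilive:192.168.1.1:30003 pcapfile:myfirstpcap.pcap` line appears without the `<code>` wrapper used for the commands added under Line 5, and it hard-codes an address and port where the other added examples use `[ipaddress]` and `[port]` placeholders. Suggest `<code>tracesplit etsilive:[IPADDRESS]:[PORT] pcapfile:[output.pcap]</code>`, with a blank line after it before the Cyberprobe heading.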
Line 74: | Line 89: | ||
Great visual tool, requires a licence (that is not that much), has the added benefit of validating most fields that they are valid (asn.1 and in relation to the schema) and includes decoding of related standards I.E SMS content and PSTN/POTS ISUP signalling. | Great visual tool, requires a licence (that is not that much), has the added benefit of validating most fields that they are valid (asn.1 and in relation to the schema) and includes decoding of related standards I.E SMS content and PSTN/POTS ISUP signalling. | ||
Can read asn.1 files (100MB files are ok) and PCAPs (doesnt format the information the same) - works really well as a man-in-the-middle (thus will need to use nc to accept the stream). | Can read asn.1 files (100MB files are ok) and PCAPs (doesnt format the information the same) - works really well as a man-in-the-middle (thus will need to use nc to accept the stream). | ||
+ | |||
+ | |||
+ | ====Axel==== | ||
+ | Use axel to download with x number of threads to maximise the throughput / ensure the collectors do not drop packets | ||
+ | https://github.com/axel-download-accelerator/axel |
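Review bot: The Axel paragraph does not say what is downloaded or from where, and gives no command, so the link between a multi-connection download and collector packet drops is left for the reader to work out. Add one sentence on the test setup (what is downloaded while the intercept is running) and the axel invocation used, with the connection count as a placeholder. The description and the URL are on consecutive lines with no blank line between them, so they render as one run-on paragraph; put the URL on its own line or make it a link.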
Latest revision as of 01:08, 1 November 2023
OpenLI Testing Tools
General Tools
yum install nc tcpdump
Export Packet Bytes from Wireshark, then pipe them to a collector.
nc -u -n [ipaddress] [port] < radius_message.hex
Use WAND tracereplay to replay a pcap file to an interface (you will need to configure the collector to listen on the original IP and port used in the capture).
tracereplay -b pcap:[pcapfile.pcap] int:[interfacename]
Pretending to be an LEA
OpenLI / WAND Libtrace
Supports both HI2 and HI3
Warning: Shares the same code as OpenLI - Validate against the standards / a third party tool
yum install libtrace4-tools
sudo tracepktdump etsilive:[IPADDRESS]:[PORT]
HI2 Sample:
Fri Nov 15 15:15:46 2019
Capture: Packet Length: 193/193 Direction Value: -1
ETSILI: pS-PDU:
ETSILI: PSHeader:
ETSILI: li-psDomainId: 0.4.0.2.2.5.1.17.0
ETSILI: lawfulInterceptionIdentifier: isplabneil2
ETSILI: authorizationCountryCode: NZ
ETSILI: communicationIdentifier:
ETSILI: networkIdentifier:
ETSILI: operatorIdentifier: RSP123
ETSILI: networkElementIdentifier: ABC
ETSILI: communicationIdentifier: 781285540
ETSILI: deliveryCountryCode: NZ
ETSILI: sequenceNumber: 17
ETSILI: interceptionPointID: liprov1
ETSILI: microSecondTimeStamp:
ETSILI: seconds: 1573784146
ETSILI: microSeconds: 257600
ETSILI: timeStampQualifier: timeOfInterception
ETSILI: Payload:
ETSILI: iRIPayloadSequence:
ETSILI: IRIPayload:
ETSILI: iRIType: IRI-Continue
ETSILI: iRIContents:
ETSILI: iPIRI:
ETSILI: iPIRIObjId: .5.3.10.1
ETSILI: iPIRIContents:
ETSILI: accessEventType: interimUpdate
ETSILI: targetUsername: CUSTOMER12345768
ETSILI: internetAccessType: Fiber
ETSILI: pOPPortNumber: 816
ETSILI: octetsReceived: 78442
ETSILI: octetsTransmitted: 78280
ETSILI: pOPIdentifier:
ETSILI: printableIDType: isp-bng-2
ETSILI: pOPIPAddress:
ETSILI: iP-type: IPv4
ETSILI: iP-value:
ETSILI: iPBinaryAddress: 100.100.10.10
ETSILI: iP-assignment: Not Known
ETSILI: iPv4SubnetMask: 255.255.255.255
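An added example (not part of the original page or of OpenLI/libtrace): a Python check over the text that tracepktdump prints, in the layout of the HI2 sample above, reporting breaks in sequenceNumber per LIID and communicationIdentifier as one way to see whether PDUs went missing before reaching the LEA side. It assumes the input holds a single handover (HI2 or HI3) and that sequenceNumber rises by one per PDU within a communicationIdentifier; the embedded sample is constructed.

```python
import re
import sys

# Matches "ETSILI: <field>: <value>" lines as printed by tracepktdump.
FIELD = re.compile(r"ETSILI:\s*([\w-]+):\s*(\S.*)?$")
WANTED = ("lawfulInterceptionIdentifier", "communicationIdentifier",
          "sequenceNumber")

def parse_records(text):
    """Split tracepktdump text into one dict per intercepted PDU."""
    records, cur = [], None
    for line in text.splitlines():
        if "Capture: Packet Length:" in line:   # first line of a new packet
            cur = {}
            records.append(cur)
            continue
        m = FIELD.search(line)
        if cur is None or not m or m.group(1) not in WANTED:
            continue
        value = (m.group(2) or "").strip()
        if value:   # skip container lines such as the empty communicationIdentifier
            cur[m.group(1)] = value
    return [r for r in records if "sequenceNumber" in r]

def find_gaps(records):
    """Return (liid, cin, expected, got) for every break in sequenceNumber."""
    last, gaps = {}, []
    for r in records:
        key = (r.get("lawfulInterceptionIdentifier"),
               r.get("communicationIdentifier"))
        seq = int(r["sequenceNumber"])
        if key in last and seq != last[key] + 1:
            gaps.append((*key, last[key] + 1, seq))
        last[key] = seq
    return gaps

def _pdu(seq):  # constructed sample PDU in the page's output layout
    return ("Fri Nov 15 15:15:46 2019\n"
            " Capture: Packet Length: 193/193 Direction Value: -1\n"
            " ETSILI: lawfulInterceptionIdentifier: isplabneil2\n"
            " ETSILI: communicationIdentifier:\n"
            " ETSILI: communicationIdentifier: 781285540\n"
            f" ETSILI: sequenceNumber: {seq}\n")

SAMPLE = "".join(_pdu(s) for s in (17, 18, 20))   # 19 is missing on purpose

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for liid, cin, want, got in find_gaps(parse_records(text)):
        print(f"LIID {liid} CIN {cin}: expected sequenceNumber {want}, got {got}")
```

To run it on live output, pipe tracepktdump into the script, for example `sudo tracepktdump etsilive:[IPADDRESS]:[PORT] | python3 check_seq.py` (the script name is hypothetical).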
Convert ETSI HI3 (102.232) stream into a pcap
tracesplit etsilive:192.168.1.1:30003 pcapfile:myfirstpcap.pcap
Cyberprobe
We only use a small part of the tool, but it will accept all HI3 IP CC packets and pipe them out in pcap format.
wget https://github.com/cybermaggedon/cyberprobe/releases/download/v1.9.11/centos-cyberprobe-1.9.11-1.el7.centos.x86_64.rpm
yum install centos-cyberprobe-1.9.11-1.el7.centos.x86_64.rpm
etsi-rcvr 44444 | tcpdump -n -r -
asn1Browser
http://www.unigone.com/en/asn1-solutions/asn1browser/
Great visual tool. It requires a licence (which is not that expensive), has the added benefit of validating most fields (both as ASN.1 and against the schema), and includes decoding of related standards, i.e. SMS content and PSTN/POTS ISUP signalling.
It can read ASN.1 files (100MB files are OK) and PCAPs (these are not formatted the same way). It works really well as a man-in-the-middle (so you will need to use nc to accept the stream).
Axel
Use axel to download with x number of threads to maximise the throughput / ensure the collectors do not drop packets.
https://github.com/axel-download-accelerator/axel