Difference between revisions of "OpenLI Testing Tools"
From neil.tappsville.com
Jump to navigationJump to searchm |
m |
||
| Line 11: | Line 11: | ||
Warning: Shares the same code as OpenLI - Validate against the standards / a third party tool | Warning: Shares the same code as OpenLI - Validate against the standards / a third party tool | ||
<pre> | <pre> | ||
| − | yum install libtrace4-tools | + | yum install libtrace4-tools |
sudo tracepktdump etsilive:[IPADDRESS]:[PORT] | sudo tracepktdump etsilive:[IPADDRESS]:[PORT] | ||
</pre> | </pre> | ||
| + | HI2 Sample: | ||
| + | <pre> | ||
| + | Fri Nov 15 15:15:46 2019 | ||
| + | Capture: Packet Length: 193/193 Direction Value: -1 | ||
| + | ETSILI: pS-PDU: | ||
| + | ETSILI: PSHeader: | ||
| + | ETSILI: li-psDomainId: 0.4.0.2.2.5.1.17.0 | ||
| + | ETSILI: lawfulInterceptionIdentifier: isplabneil2 | ||
| + | ETSILI: authorizationCountryCode: NZ | ||
| + | ETSILI: communicationIdentifier: | ||
| + | ETSILI: networkIdentifier: | ||
| + | ETSILI: operatorIdentifier: RSP123 | ||
| + | ETSILI: networkElementIdentifier: ABC | ||
| + | ETSILI: communicationIdentifier: 781285540 | ||
| + | ETSILI: deliveryCountryCode: NZ | ||
| + | ETSILI: sequenceNumber: 17 | ||
| + | ETSILI: interceptionPointID: liprov1 | ||
| + | ETSILI: microSecondTimeStamp: | ||
| + | ETSILI: seconds: 1573784146 | ||
| + | ETSILI: microSeconds: 257600 | ||
| + | ETSILI: timeStampQualifier: timeOfInterception | ||
| + | ETSILI: Payload: | ||
| + | ETSILI: iRIPayloadSequence: | ||
| + | ETSILI: IRIPayload: | ||
| + | ETSILI: iRIType: IRI-Continue | ||
| + | ETSILI: iRIContents: | ||
| + | ETSILI: iPIRI: | ||
| + | ETSILI: iPIRIObjId: .5.3.10.1 | ||
| + | ETSILI: iPIRIContents: | ||
| + | ETSILI: accessEventType: interimUpdate | ||
| + | ETSILI: targetUsername: CUSTOMER12345768 | ||
| + | ETSILI: internetAccessType: Fiber | ||
| + | ETSILI: pOPPortNumber: 816 | ||
| + | ETSILI: octetsReceived: 78442 | ||
| + | ETSILI: octetsTransmitted: 78280 | ||
| + | ETSILI: pOPIdentifier: | ||
| + | ETSILI: printableIDType: isp-bng-2 | ||
| + | ETSILI: pOPIPAddress: | ||
| + | ETSILI: iP-type: IPv4 | ||
| + | ETSILI: iP-value: | ||
| + | ETSILI: iPBinaryAddress: 100.100.10.10 | ||
| + | ETSILI: iP-assignment: Not Known | ||
| + | ETSILI: iPv4SubnetMask: 255.255.255.255 | ||
| + | </pre> | ||
Cyberprobe | Cyberprobe | ||
Revision as of 20:24, 26 November 2019
OpenLI Testing Tools
General Tools
yum install nc tcpdump
Pretending to be an LEA
Using OpenLI / WAND decode - Works for HI2 and HI3 Warning: Shares the same code as OpenLI - Validate against the standards / a third party tool
yum install libtrace4-tools sudo tracepktdump etsilive:[IPADDRESS]:[PORT]
HI2 Sample:
Fri Nov 15 15:15:46 2019 Capture: Packet Length: 193/193 Direction Value: -1 ETSILI: pS-PDU: ETSILI: PSHeader: ETSILI: li-psDomainId: 0.4.0.2.2.5.1.17.0 ETSILI: lawfulInterceptionIdentifier: isplabneil2 ETSILI: authorizationCountryCode: NZ ETSILI: communicationIdentifier: ETSILI: networkIdentifier: ETSILI: operatorIdentifier: RSP123 ETSILI: networkElementIdentifier: ABC ETSILI: communicationIdentifier: 781285540 ETSILI: deliveryCountryCode: NZ ETSILI: sequenceNumber: 17 ETSILI: interceptionPointID: liprov1 ETSILI: microSecondTimeStamp: ETSILI: seconds: 1573784146 ETSILI: microSeconds: 257600 ETSILI: timeStampQualifier: timeOfInterception ETSILI: Payload: ETSILI: iRIPayloadSequence: ETSILI: IRIPayload: ETSILI: iRIType: IRI-Continue ETSILI: iRIContents: ETSILI: iPIRI: ETSILI: iPIRIObjId: .5.3.10.1 ETSILI: iPIRIContents: ETSILI: accessEventType: interimUpdate ETSILI: targetUsername: CUSTOMER12345768 ETSILI: internetAccessType: Fiber ETSILI: pOPPortNumber: 816 ETSILI: octetsReceived: 78442 ETSILI: octetsTransmitted: 78280 ETSILI: pOPIdentifier: ETSILI: printableIDType: isp-bng-2 ETSILI: pOPIPAddress: ETSILI: iP-type: IPv4 ETSILI: iP-value: ETSILI: iPBinaryAddress: 100.100.10.10 ETSILI: iP-assignment: Not Known ETSILI: iPv4SubnetMask: 255.255.255.255
Cyberprobe We only use a small part of the tool - but it will accept all HI3 IP CC packets and pipe it out in pcap format.
wget https://github.com/cybermaggedon/cyberprobe/releases/download/v1.9.11/centos-cyberprobe-1.9.11-1.el7.centos.x86_64.rpm yum install centos-cyberprobe-1.9.11-1.el7.centos.x86_64.rpm etsi-rcvr 44444 | tcpdump -n -r
