OpenLI Testing Tools
General Tools
yum install nc tcpdump
Export Packet Bytes from Wireshark, then pipe them to a collector.
nc -u -n [ipaddress] [port] < radius_message.hex
Use WAND tracereplay to replay a pcap file to an interface (the collector will need to be configured to listen for the original IP and port used in the capture).
tracereplay -b pcap:[pcapfile.pcap] int:[interfacename]
Pretending to be an LEA
OpenLI / WAND Libtrace
Supports both HI2 and HI3
Warning: Shares the same code as OpenLI, so validate against the standards or a third-party tool.
yum install libtrace4-tools
sudo tracepktdump etsilive:[IPADDRESS]:[PORT]
HI2 Sample:
Fri Nov 15 15:15:46 2019
Capture: Packet Length: 193/193 Direction Value: -1
ETSILI: pS-PDU:
ETSILI: PSHeader:
ETSILI: li-psDomainId: 0.4.0.2.2.5.1.17.0
ETSILI: lawfulInterceptionIdentifier: isplabneil2
ETSILI: authorizationCountryCode: NZ
ETSILI: communicationIdentifier:
ETSILI: networkIdentifier:
ETSILI: operatorIdentifier: RSP123
ETSILI: networkElementIdentifier: ABC
ETSILI: communicationIdentifier: 781285540
ETSILI: deliveryCountryCode: NZ
ETSILI: sequenceNumber: 17
ETSILI: interceptionPointID: liprov1
ETSILI: microSecondTimeStamp:
ETSILI: seconds: 1573784146
ETSILI: microSeconds: 257600
ETSILI: timeStampQualifier: timeOfInterception
ETSILI: Payload:
ETSILI: iRIPayloadSequence:
ETSILI: IRIPayload:
ETSILI: iRIType: IRI-Continue
ETSILI: iRIContents:
ETSILI: iPIRI:
ETSILI: iPIRIObjId: .5.3.10.1
ETSILI: iPIRIContents:
ETSILI: accessEventType: interimUpdate
ETSILI: targetUsername: CUSTOMER12345768
ETSILI: internetAccessType: Fiber
ETSILI: pOPPortNumber: 816
ETSILI: octetsReceived: 78442
ETSILI: octetsTransmitted: 78280
ETSILI: pOPIdentifier:
ETSILI: printableIDType: isp-bng-2
ETSILI: pOPIPAddress:
ETSILI: iP-type: IPv4
ETSILI: iP-value:
ETSILI: iPBinaryAddress: 100.100.10.10
ETSILI: iP-assignment: Not Known
ETSILI: iPv4SubnetMask: 255.255.255.255
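When tracepktdump output like the sample above is saved to a file during a test, a short script can check each record for the expected LIID and for breaks in sequence numbering. This is an added example, not part of OpenLI or libtrace; the function names and the sample values are constructed. It assumes one "ETSILI: field: value" entry per line and that sequence numbers increase by one per LIID, communication identifier and payload type.

```python
import re

FIELD = re.compile(r"^\s*ETSILI:\s*([\w-]+):\s*(.*)$")
# Payload names from the ETSI ASN.1; the CC name is assumed to print like the IRI one.
KINDS = {"iRIPayloadSequence": "IRI", "cCPayloadSequence": "CC"}

def parse_pdus(text):
    """Return one dict per pS-PDU, keeping the first non-empty value of each field."""
    pdus, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if name == "pS-PDU":
            cur = {}
            pdus.append(cur)
        elif cur is not None and name in KINDS:
            cur["kind"] = KINDS[name]
        elif cur is not None and value:
            cur.setdefault(name, value)
    return pdus

def check_stream(text, expected_liid):
    """List PDUs with an unexpected LIID or a break in sequence numbering."""
    problems, last = [], {}
    for i, pdu in enumerate(parse_pdus(text)):
        liid = pdu.get("lawfulInterceptionIdentifier")
        if liid != expected_liid:
            problems.append(f"PDU {i}: unexpected LIID {liid!r}")
        if "sequenceNumber" not in pdu:
            problems.append(f"PDU {i}: no sequenceNumber")
            continue
        seq = int(pdu["sequenceNumber"])
        key = (liid, pdu.get("communicationIdentifier"), pdu.get("kind"))
        if key in last and seq != last[key] + 1:
            problems.append(f"PDU {i}: sequence {last[key]} -> {seq} for {key}")
        last[key] = seq
    return problems

def sample_pdu(liid, cin, seq):
    # Constructed record using field names from the HI2 sample above.
    fields = ["pS-PDU:", f"lawfulInterceptionIdentifier: {liid}",
              "communicationIdentifier:", f"communicationIdentifier: {cin}",
              f"sequenceNumber: {seq}", "iRIPayloadSequence:"]
    return "\n".join("ETSILI: " + f for f in fields)

SAMPLE = "\n".join([sample_pdu("testliid", 1001, 17), sample_pdu("testliid", 1001, 18),
                    sample_pdu("testliid", 1001, 20),   # 19 missing
                    sample_pdu("otherliid", 2002, 0)])  # wrong LIID

if __name__ == "__main__":
    print("\n".join(check_stream(SAMPLE, "testliid")))
```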
Cyberprobe
We only use a small part of the tool, but it will accept all HI3 IP CC packets and pipe them out in pcap format.
wget https://github.com/cybermaggedon/cyberprobe/releases/download/v1.9.11/centos-cyberprobe-1.9.11-1.el7.centos.x86_64.rpm
yum install centos-cyberprobe-1.9.11-1.el7.centos.x86_64.rpm
etsi-rcvr 44444 | tcpdump -n -r -
asn1Browser
http://www.unigone.com/en/asn1-solutions/asn1browser/
A great visual tool. It requires a licence (which does not cost that much), validates most fields (both as ASN.1 and against the schema), and decodes related standards, i.e. SMS content and PSTN/POTS ISUP signalling. It can read ASN.1 files (100 MB files are OK) and PCAPs (the information is not formatted the same way). It works really well as a man-in-the-middle (so nc is needed to accept the stream).