SS7 traffic trace and capture


#1

Hello,

What kind of tools are you using for SS7 and Sigtran traffic capture?

Can you please also provide any capture examples?

For asterisk with chan_ss7.so there is an embedded “ss7 dump start” command, however that is missing in libss7.so

Thx


#2

You can try wireshark, ngrep?


#3

The problem is that wireshark, ngrep is capturing tcp, udp, sctp but not mtp, isup

In case that you know a way to capture ss7 traffic with them please provide examples, thx


#4

Sorry for late response. You can capture ss7 or any other protocol using wireshark and other sniffers
Here, check this out to do with wireshark
https://wiki.wireshark.org/SS7


#5

You can analyze with wireshark, but you need support from the protocol stack to capture.


#6

Thank you for replies, I should gave more details,

I have HPE servers with Digium TE420/TE820 cards,

How can I specify for sniffers to listen from that specific cards ?

“any” option is not working, as it listen only from network interfaces


#7

Here maybe I am wrong but Digium cards use T1 lines whereas Ethernet uses a different line.
Sniffers are meant to work with Ethernet cards only. So, I don’t think it will work as the protocols vary


#8

Yes, you are right

I’ve opened the topic in order to understand if there are any tools for capturing SS7 traffic from E1/T1 streams

Besides the embedded asterisk command “ss7 dump start” I couldn’t find any