Wireshark是可以解析LTE的空口数据。但是在wireshark的实现中,这些数据都是被封装到UDP报文中。然后根据wireshark的格式文件对LTE的数据加上头信息。头信息的定义参考附件packet-mac-lte.h文件

大致结构如下:

typedef struct mac_lte_info

{

/* Needed for decode */

guint8          radioType;

guint8          direction;

guint8          rntiType;

/* Extra info to display */

guint16         rnti;

guint16         ueid;

/* Timing info */

guint16         sysframeNumber;

guint16         subframeNumber;

gboolean        sfnSfInfoPresent;

/* Optional field. More interesting for TDD (FDD is always -4 subframeNumber) */

gboolean        subframeNumberOfGrantPresent;

guint16         subframeNumberOfGrant;

/* Flag set only if doing PHY-level data test - i.e. there may not be a

well-formed MAC PDU so just show as raw data */

gboolean        isPredefinedData;

/* Length of DL PDU or UL grant size in bytes */

guint16         length;

/* 0=newTx, 1=first-retx, etc */

guint8          reTxCount;

guint8          isPHICHNACK; /* FALSE=PDCCH retx grant, TRUE=PHICH NACK */

/* UL only.  Indicates if the R10 extendedBSR-Sizes parameter is set */

gboolean        isExtendedBSRSizes;

/* UL only.  Indicates if the R10 simultaneousPUCCH-PUSCH parameter is set for PCell */

gboolean        isSimultPUCCHPUSCHPCell;

/* UL only.  Indicates if the R10 extendedBSR-Sizes parameter is set for PSCell */

gboolean        isSimultPUCCHPUSCHPSCell;

/* Status of CRC check. For UE it is DL only. For eNodeB it is UL

only. For an analyzer, it is present for both DL and UL. */

gboolean        crcStatusValid;

mac_lte_crc_status crcStatus;

/* Carrier ID */

mac_lte_carrier_id   carrierId;

/* DL only.  Is this known to be a retransmission? */

mac_lte_dl_retx dl_retx;

/* DL only. CE mode to be used for RAR decoding */

mac_lte_ce_mode ceMode;

/* DL and UL. NB-IoT mode of the UE */

mac_lte_nb_mode nbMode;

/* UL only, for now used for CE mode A RAR decoding */

guint8          nUlRb;

/* More Physical layer info (see direction above for which side of union to use) */

union {

struct mac_lte_ul_phy_info

{

guint8 present;  /* Remaining UL fields are present and should be displayed */

guint8 modulation_type;

guint8 tbs_index;

guint8 resource_block_length;

guint8 resource_block_start;

guint8 harq_id;

gboolean ndi;

} ul_info;

struct mac_lte_dl_phy_info

{

guint8 present; /* Remaining DL fields are present and should be displayed */

guint8 dci_format;

guint8 resource_allocation_type;

guint8 aggregation_level;

guint8 mcs_index;

guint8 redundancy_version_index;

guint8 resource_block_length;

guint8 harq_id;

gboolean ndi;

guint8   transport_block;  /* 0..1 */

} dl_info;

} detailed_phy_info;

/* Relating to out-of-band events */

/* N.B. dissector will only look to these fields if length is 0... */

mac_lte_oob_event  oob_event;

guint8             rapid;

guint8             rach_attempt_number;

#define MAX_SRs 20

guint16            number_of_srs;

guint16            oob_ueid[MAX_SRs];

guint16            oob_rnti[MAX_SRs];

} mac_lte_info;

在进行头信息编码的时候,每个值都有一个TAG对应。TAG的定义如下

#define MAC_LTE_RNTI_TAG            0x02

/* 2 bytes, network order */

#define MAC_LTE_UEID_TAG            0x03

/* 2 bytes, network order */

#define MAC_LTE_FRAME_SUBFRAME_TAG  0x04

/* 2 bytes, network order, SFN is stored in 12 MSB and SF in 4 LSB */

#define MAC_LTE_PREDEFINED_DATA_TAG 0x05

/* 1 byte */

#define MAC_LTE_RETX_TAG            0x06

/* 1 byte */

#define MAC_LTE_CRC_STATUS_TAG      0x07

/* 1 byte */

#define MAC_LTE_EXT_BSR_SIZES_TAG   0x08

/* 0 byte */

#define MAC_LTE_SEND_PREAMBLE_TAG   0x09

/* 2 bytes, RAPID value (1 byte) followed by RACH attempt number (1 byte) */

#define MAC_LTE_CARRIER_ID_TAG      0x0A

/* 1 byte */

#define MAC_LTE_PHY_TAG             0x0B

/* variable length, length (1 byte) then depending on direction

in UL: modulation type (1 byte), TBS index (1 byte), RB length (1 byte),

RB start (1 byte), HARQ id (1 byte), NDI (1 byte)

in DL: DCI format (1 byte), resource allocation type (1 byte), aggregation level (1 byte),

MCS index (1 byte), redundancy version (1 byte), resource block length (1 byte),

HARQ id (1 byte), NDI (1 byte), TB (1 byte), DL reTx (1 byte) */

#define MAC_LTE_SIMULT_PUCCH_PUSCH_PCELL_TAG  0x0C

/* 0 byte */

#define MAC_LTE_SIMULT_PUCCH_PUSCH_PSCELL_TAG 0x0D

/* 0 byte */

#define MAC_LTE_CE_MODE_TAG         0x0E

/* 1 byte containing mac_lte_ce_mode enum value */

#define MAC_LTE_NB_MODE_TAG         0x0F

/* 1 byte containing mac_lte_nb_mode enum value */

#define MAC_LTE_N_UL_RB_TAG         0x10

/* 1 byte containing the number of UL resource blocks: 6, 15, 25, 50, 75 or 100 */

#define MAC_LTE_SR_TAG              0x11

/* 2 bytes for the number of items, followed by that number of ueid, rnti (2 bytes each) */

/* MAC PDU. Following this tag comes the actual MAC PDU (there is no length, the PDU

continues until the end of the frame) */

#define MAC_LTE_PAYLOAD_TAG 0x01

在编码前需要再加上一个头MAC_LTE_START_STRING=” mac-lte”。这个是用来指示封装的什么数据。Wireshark可以解析的有MAC-LTERLC-LTEPDCP-LTE。其中MAC-LTE已经包含了RLC以及PDCP的数据。如果只是想解析RLC-LTE的数据。那么就指定RLC_LTE_START_STRING=” rlc-lte”。同理PDCP-LTE的数据,PDCP_LTE_START_STRING=” pdcp-lte”.

下面来看对应的代码:

参数的定义:

packet:LTE空口数据(RRC+PDCP+RLC+MAC)

direction:上行消息还是下行消息

rntiType:rnti的类型。

from scapy import *

def Write_info_to_pcap(direction,rntiType,packet):

    try:

        src_addr='192.168.0.1'

        dst_addr='192.168.0.1       
CRNTI_dict={b'\x00':b'\x00\x00',b'\x01':b'\xFF\xFE',b'\x02':b'\x05\x00',b'\x03':b'\x05\x00',b'\x04':b'\xFF\xFF'} MAC_LTE_START_STRING = b"mac-lte" radioType = b'\x01' DIRECTION = direction C_RNTI = rntiType MAC_LTE_RNTI_TAG = b'\x02' rnti = CRNTI_dict[rntiType] MAC_LTE_UEID_TAG = b'\x03' UEID = b'\x65\x00' MAC_LTE_SUBFRAME_TAG = b'\x04' subframe = b'\x01\x00' MAC_LTE_CRC_STATUS_TAG = b'\x07' crcStatus = b'\x01' MAC_LTE_NB_MODE_TAG = b'\x0F' nb_mode_value = b'\x01' MAC_LTE_PREDFINED_DATA_TAG=b'\x05' isPredefinedData=b'\x00' MAC_LTE_PAYLOAD_TAG = b'\x01' payload = MAC_LTE_START_STRING + radioType + DIRECTION + C_RNTI + MAC_LTE_RNTI_TAG \ + rnti + MAC_LTE_UEID_TAG + UEID + MAC_LTE_SUBFRAME_TAG + \ subframe + MAC_LTE_CRC_STATUS_TAG + crcStatus + \ MAC_LTE_NB_MODE_TAG + nb_mode_value + MAC_LTE_PREDFINED_DATA_TAG + \ isPredefinedData + MAC_LTE_PAYLOAD_TAG + packet pcap_packet = IP(tos=169, src=src_addr, dst=dst_addr, proto=17) / UDP(sport=61300, dport=10000) / payload wrpcap(“lte-mac.pcap”, pcap_packet, append=True) except BaseException as e: write_info_in_log(log_handle,"Write_info_to_pcap_error:"+str(e))

最后在wireshark对应的设置:

1编辑->首选项->Protocols->UDP-> Try heuristic sub-dissectors first

2分析->启用的协议->全部启用->搜索skype相关的配置去除->ok;设置“全部启用"主要是为了启用LTE的消息解析库,也可以只增加LTE消息解析的启用。

这样,wireshark上就可以解析到对应的空口数据了

python构造wireshark可以解析的LTE空口数据-LMLPHP

05-21 06:17