Ss7: Difference between revisions

From VoIPmonitor.org
Jump to navigation Jump to search
(Created page with "SS7 / IS UP To enable parsing of ISUP packets you need to use voipmonitor including wireshark libs =Generic ss7 ISUP support= ==sniffer binary== ===download static binary===...")
 
No edit summary
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
SS7 / IS UP
{{DISPLAYTITLE:Monitoring SS7 and ISUP Traffic}}
To enable parsing of ISUP packets you need to use voipmonitor including wireshark libs


=Generic ss7 ISUP support=
'''This guide explains how to configure VoIPmonitor to capture and analyze SS7 (Signaling System 7) and ISUP (ISDN User Part) traffic. This is an advanced feature that requires a special build of the VoIPmonitor sensor integrated with the Wireshark dissection engine.'''
==sniffer binary==
===download static binary===
you can download it from [[https://sourceforge.net/projects/voipmonitor/files/ sourceforge]]
the binary voipmonitor-wireshark-amd is the one that you need to be used (download it, unpack and place it to /usr/local/sbin/voipmonitor)


===make from sources===
== Overview ==
or you can get sources using git and then use make ss7 to build voipmonitor including wireshark libs
To decode the complex protocols within the SS7 suite, VoIPmonitor leverages the powerful and mature dissection libraries from the Wireshark project. This requires using a specific version of the sensor binary that has these libraries compiled into it.


git clone https://github.com/voipmonitor/sniffer.git ./sniffer-git
This guide covers two primary scenarios:
cd sniffer-git
*'''Generic ISUP Support:''' For standard ISUP over M2UA/M3UA traffic.
./configure
*'''Sonus STP Support:''' For specialized traffic from Sonus (now Ribbon) Signal Transfer Points, which requires additional configuration and LUA plugins.
make ss7


== Prerequisites: Getting the Correct Sniffer Binary ==
Standard VoIPmonitor sensor binaries do '''not''' include SS7 support. You must obtain a "Wireshark" build using one of the following methods.


==sniffer settings /etc/voipmonitor.conf==
=== Method 1: Download Pre-compiled Static Binary (Recommended) ===
add following option to sniffer's config
Special builds that include Wireshark are available for download. Look for a file with "wireshark" in its name.
ss7=yes
* '''Download Location:''' [https://www.voipmonitor.org/download Download Page] or historical versions on [https://sourceforge.net/projects/voipmonitor/files/ SourceForge].
* '''Example File Name:''' <code>voipmonitor-wireshark-amd64-VERSION-static.tar.gz</code>
* '''Installation:''' After downloading, extract the archive and replace your existing `/usr/local/sbin/voipmonitor` binary with the new one from the package.


==GUI's settings==
=== Method 2: Compile from Source ===
There is no need to do any changes - there will appears new section SS7 in the GUI's menu after first SS7 call stored in to ss7 table in db.
For full control or if a static binary is not available for your platform, you can compile it from source.
<pre>
# Clone the sniffer source code from GitHub
git clone https://github.com/voipmonitor/sniffer.git
cd sniffer


=Sonus STPs SS7=
# Configure and build with the 'ss7' target
==sniffer binary==
./configure
===make from sources===
make ss7
you need to get sources using git and then use make ss7 to build voipmonitor including wireshark libs (static binary cannot be used)
make install
</pre>
This process will link the sniffer with your system's Wireshark libraries.


==sniffer settings /etc/voipmonitor.conf==
== Scenario 1: Generic ISUP Support ==
enable following options in sniffer's service config
This setup is for monitoring standard ISUP traffic over protocols like M3UA.
ss7 = yes
ss7port = 7377
ss7callid = cic
ws_param = mtp3.heuristic_standard:TRUE
ws_param = mtp3.standard:ANSI
ws_param = mtp3.itu_pc_structure:3-8-3


==GUI's settings /var/www/html/config/configuration.php==
=== Step 1: Sniffer Configuration ===
GUI requires additional options added to its configuration.php file:
Enable SS7 processing in `/etc/voipmonitor.conf`.
define("TSHARK_PATHNAME", "tshark");
<pre>
define("TSHARK_PARAMS_SS7_SONUS", "mtp3.heuristic_standard:TRUE;mtp3.standard:ANSI;mtp3.itu_pc_structure:3-8-3");
# /etc/voipmonitor.conf


==add and configure tshark with lua plugins==
ss7 = yes
in usr/share/wireshark (or /usr/local/share/wireshark) create the file **init.lua** that contains
dofile(DATA_DIR.."sonuscm.1.12.lua")
dofile(DATA_DIR.."sonusimf.1.12.lua")


upload the lua files to same directory, here is the link for download[[LUAPLUGINS]]
# Optional: If your SS7 traffic runs on a non-standard port, define it here.
# ss7_rudp_port = 7000
</pre>


=== Step 2: GUI Configuration ===
No special configuration is needed in the GUI. Once the first SS7 call is captured and stored in the database's `ss7` table, a new "SS7" section will automatically appear in the main menu.


==testing==
== Scenario 2: Sonus STP SS7 Support ==
tshark -o 'mtp3.heuristic_standard:TRUE' -o 'mtp3.standard:ANSI' -o 'mtp3.itu_pc_structure:3-8-3' -r imf_sample.pcap -T json 'frame.number==22'
This is a specialized configuration for traffic from Sonus/Ribbon STPs, which requires specific dissector parameters and custom LUA plugins for Wireshark.
then wipe the packet #22 and use for voipmonitor upload  - the output of tshark and voipmonitor should be same:
 
voipmonitor --config-file=./config/voipmonitor.conf -p XobmuJ -b voipmonitor_ipv6 -k -v1,dump_packets_via_wireshark -r imf_sample_frame22.pcap --json_config='[{"ws_param":"mtp3.heuristic_standard:TRUE"},{"ws_param":"mtp3.standard: ANSI"},{"ws_param":"mtp3.itu_pc_structure: 3-8-3"},{"ss7":"yes"},{"ss7port":"7377"},{"ss7callid":"cic"}]'
=== Step 1: Sniffer Configuration ===
In addition to enabling SS7, you must provide specific parameters for the Wireshark dissector.
<pre>
# /etc/voipmonitor.conf
 
ss7      = yes
ss7port  = 7377      # Port for Sonus SS7 traffic
ss7callid = cic      # Use the Circuit Identification Code as the call identifier
 
# These parameters are passed directly to the internal Wireshark engine
ws_param = mtp3.heuristic_standard:TRUE
ws_param = mtp3.standard:ANSI
ws_param = mtp3.itu_pc_structure:3-8-3
</pre>
 
=== Step 2: Wireshark LUA Plugin Configuration ===
VoIPmonitor uses custom LUA scripts to properly decode proprietary Sonus headers.
# '''Locate your Wireshark plugins directory.''' This is typically `/usr/share/wireshark/` or `/usr/local/share/wireshark/`.
# '''Copy the LUA scripts.''' The required scripts, `sonuscm.1.12.lua` and `sonusimf.1.12.lua`, are located in the `scripts/ss7/lua/` subdirectory of the VoIPmonitor sniffer source code you cloned earlier. Copy them into the Wireshark plugins directory.
# '''Enable the plugins.''' Edit the `init.lua` file in the Wireshark plugins directory and add the following lines to the end:
<pre>
-- Load VoIPmonitor's custom Sonus dissector plugins
dofile(DATA_DIR.."sonuscm.1.12.lua")
dofile(DATA_DIR.."sonusimf.1.12.lua")
</pre>
 
=== Step 3: GUI Configuration ===
The GUI also needs to know how to invoke `tshark` (the command-line version of Wireshark) with the correct parameters to display decoded packets.
;Edit `/var/www/html/config/configuration.php` and add the following lines:
<pre>
<?php
// /var/www/html/config/configuration.php
 
define("TSHARK_PATHNAME", "tshark");
define("TSHARK_PARAMS_SS7_SONUS", "mtp3.heuristic_standard:TRUE;mtp3.standard:ANSI;mtp3.itu_pc_structure:3-8-3");
</pre>
 
== AI Summary for RAG ==
'''Summary:''' This guide explains how to configure VoIPmonitor to analyze SS7 and ISUP traffic. It clarifies that this functionality requires a special sniffer binary that is compiled with Wireshark's dissection libraries. It outlines two methods for obtaining this binary: downloading a pre-compiled "wireshark" static build or compiling from source with the `make ss7` target. The article then details two primary configuration scenarios. The first is for "Generic ISUP Support," which only requires setting `ss7=yes` in `voipmonitor.conf`. The second, more complex scenario is for "Sonus STP SS7 Support," which involves additional steps: setting specific `ws_param` options (like `mtp3.standard:ANSI`) in `voipmonitor.conf`, installing custom Sonus LUA plugins into the system's Wireshark directory, and defining `TSHARK_PARAMS_SS7_SONUS` in the GUI's `configuration.php` to enable correct packet display.
'''Keywords:''' ss7, isup, sigtran, m3ua, sonus, ribbon, stp, wireshark, tshark, dissector, lua plugin, `ws_param`, `ss7=yes`, `make ss7`, `TSHARK_PARAMS_SS7_SONUS`, cic, ansi, itu
'''Key Questions:'''
* How can I monitor SS7 or ISUP traffic with VoIPmonitor?
* Why do I need a special "wireshark" version of the sniffer?
* How do I configure VoIPmonitor for a Sonus/Ribbon STP?
* Where do I install the Wireshark LUA plugins for Sonus decoding?
* What `voipmonitor.conf` settings are required for SS7?
* How to compile VoIPmonitor with SS7 support?
* What does the `ws_param` configuration option do?

Latest revision as of 17:04, 30 June 2025


This guide explains how to configure VoIPmonitor to capture and analyze SS7 (Signaling System 7) and ISUP (ISDN User Part) traffic. This is an advanced feature that requires a special build of the VoIPmonitor sensor integrated with the Wireshark dissection engine.

Overview

To decode the complex protocols within the SS7 suite, VoIPmonitor leverages the powerful and mature dissection libraries from the Wireshark project. This requires using a specific version of the sensor binary that has these libraries compiled into it.

This guide covers two primary scenarios:

  • Generic ISUP Support: For standard ISUP over M2UA/M3UA traffic.
  • Sonus STP Support: For specialized traffic from Sonus (now Ribbon) Signal Transfer Points, which requires additional configuration and LUA plugins.

Prerequisites: Getting the Correct Sniffer Binary

Standard VoIPmonitor sensor binaries do not include SS7 support. You must obtain a "Wireshark" build using one of the following methods.

Method 1: Download Pre-compiled Static Binary (Recommended)

Special builds that include Wireshark are available for download. Look for a file with "wireshark" in its name.

  • Download Location: Download Page or historical versions on SourceForge.
  • Example File Name: voipmonitor-wireshark-amd64-VERSION-static.tar.gz
  • Installation: After downloading, extract the archive and replace your existing `/usr/local/sbin/voipmonitor` binary with the new one from the package.

Method 2: Compile from Source

For full control or if a static binary is not available for your platform, you can compile it from source. 

# Clone the sniffer source code from GitHub
git clone https://github.com/voipmonitor/sniffer.git
cd sniffer

# Configure and build with the 'ss7' target
./configure
make ss7
make install

This process will link the sniffer with your system's Wireshark libraries.

Scenario 1: Generic ISUP Support

This setup is for monitoring standard ISUP traffic over protocols like M3UA.

Step 1: Sniffer Configuration

Enable SS7 processing in `/etc/voipmonitor.conf`. 

# /etc/voipmonitor.conf

ss7 = yes

# Optional: If your SS7 traffic runs on a non-standard port, define it here.
# ss7_rudp_port = 7000

Step 2: GUI Configuration

No special configuration is needed in the GUI. Once the first SS7 call is captured and stored in the database's `ss7` table, a new "SS7" section will automatically appear in the main menu.

Scenario 2: Sonus STP SS7 Support

This is a specialized configuration for traffic from Sonus/Ribbon STPs, which requires specific dissector parameters and custom LUA plugins for Wireshark.

Step 1: Sniffer Configuration

In addition to enabling SS7, you must provide specific parameters for the Wireshark dissector. 

# /etc/voipmonitor.conf

ss7       = yes
ss7port   = 7377      # Port for Sonus SS7 traffic
ss7callid = cic       # Use the Circuit Identification Code as the call identifier

# These parameters are passed directly to the internal Wireshark engine
ws_param = mtp3.heuristic_standard:TRUE
ws_param = mtp3.standard:ANSI
ws_param = mtp3.itu_pc_structure:3-8-3

Step 2: Wireshark LUA Plugin Configuration

VoIPmonitor uses custom LUA scripts to properly decode proprietary Sonus headers.

  1. Locate your Wireshark plugins directory. This is typically `/usr/share/wireshark/` or `/usr/local/share/wireshark/`.
  2. Copy the LUA scripts. The required scripts, `sonuscm.1.12.lua` and `sonusimf.1.12.lua`, are located in the `scripts/ss7/lua/` subdirectory of the VoIPmonitor sniffer source code you cloned earlier. Copy them into the Wireshark plugins directory.
  3. Enable the plugins. Edit the `init.lua` file in the Wireshark plugins directory and add the following lines to the end:
-- Load VoIPmonitor's custom Sonus dissector plugins
dofile(DATA_DIR.."sonuscm.1.12.lua")
dofile(DATA_DIR.."sonusimf.1.12.lua")

Step 3: GUI Configuration

The GUI also needs to know how to invoke `tshark` (the command-line version of Wireshark) with the correct parameters to display decoded packets.

Edit `/var/www/html/config/configuration.php` and add the following lines
<?php
// /var/www/html/config/configuration.php

define("TSHARK_PATHNAME", "tshark");
define("TSHARK_PARAMS_SS7_SONUS", "mtp3.heuristic_standard:TRUE;mtp3.standard:ANSI;mtp3.itu_pc_structure:3-8-3");

AI Summary for RAG

Summary: This guide explains how to configure VoIPmonitor to analyze SS7 and ISUP traffic. It clarifies that this functionality requires a special sniffer binary that is compiled with Wireshark's dissection libraries. It outlines two methods for obtaining this binary: downloading a pre-compiled "wireshark" static build or compiling from source with the `make ss7` target. The article then details two primary configuration scenarios. The first is for "Generic ISUP Support," which only requires setting `ss7=yes` in `voipmonitor.conf`. The second, more complex scenario is for "Sonus STP SS7 Support," which involves additional steps: setting specific `ws_param` options (like `mtp3.standard:ANSI`) in `voipmonitor.conf`, installing custom Sonus LUA plugins into the system's Wireshark directory, and defining `TSHARK_PARAMS_SS7_SONUS` in the GUI's `configuration.php` to enable correct packet display. Keywords: ss7, isup, sigtran, m3ua, sonus, ribbon, stp, wireshark, tshark, dissector, lua plugin, `ws_param`, `ss7=yes`, `make ss7`, `TSHARK_PARAMS_SS7_SONUS`, cic, ansi, itu Key Questions:

  • How can I monitor SS7 or ISUP traffic with VoIPmonitor?
  • Why do I need a special "wireshark" version of the sniffer?
  • How do I configure VoIPmonitor for a Sonus/Ribbon STP?
  • Where do I install the Wireshark LUA plugins for Sonus decoding?
  • What `voipmonitor.conf` settings are required for SS7?
  • How to compile VoIPmonitor with SS7 support?
  • What does the `ws_param` configuration option do?
Retrieved from "https://www.voipmonitor.org//doc/index.php?title=Ss7&oldid=5371"