Ss7

From VoIPmonitor.org
Revision as of 17:04, 30 June 2025 by Festr (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


This guide explains how to configure VoIPmonitor to capture and analyze SS7 (Signaling System 7) and ISUP (ISDN User Part) traffic. This is an advanced feature that requires a special build of the VoIPmonitor sensor integrated with the Wireshark dissection engine.

Overview

To decode the complex protocols within the SS7 suite, VoIPmonitor leverages the powerful and mature dissection libraries from the Wireshark project. This requires using a specific version of the sensor binary that has these libraries compiled into it.

This guide covers two primary scenarios:

  • Generic ISUP Support: For standard ISUP over M2UA/M3UA traffic.
  • Sonus STP Support: For specialized traffic from Sonus (now Ribbon) Signal Transfer Points, which requires additional configuration and LUA plugins.

Prerequisites: Getting the Correct Sniffer Binary

Standard VoIPmonitor sensor binaries do not include SS7 support. You must obtain a "Wireshark" build using one of the following methods.

Method 1: Download Pre-compiled Static Binary (Recommended)

Special builds that include Wireshark are available for download. Look for a file with "wireshark" in its name.

  • Download Location: Download Page or historical versions on SourceForge.
  • Example File Name: voipmonitor-wireshark-amd64-VERSION-static.tar.gz
  • Installation: After downloading, extract the archive and replace your existing `/usr/local/sbin/voipmonitor` binary with the new one from the package.

Method 2: Compile from Source

For full control or if a static binary is not available for your platform, you can compile it from source. 

# Clone the sniffer source code from GitHub
git clone https://github.com/voipmonitor/sniffer.git
cd sniffer

# Configure and build with the 'ss7' target
./configure
make ss7
make install

This process will link the sniffer with your system's Wireshark libraries.

Scenario 1: Generic ISUP Support

This setup is for monitoring standard ISUP traffic over protocols like M3UA.

Step 1: Sniffer Configuration

Enable SS7 processing in `/etc/voipmonitor.conf`. 

# /etc/voipmonitor.conf

ss7 = yes

# Optional: If your SS7 traffic runs on a non-standard port, define it here.
# ss7_rudp_port = 7000

Step 2: GUI Configuration

No special configuration is needed in the GUI. Once the first SS7 call is captured and stored in the database's `ss7` table, a new "SS7" section will automatically appear in the main menu.

Scenario 2: Sonus STP SS7 Support

This is a specialized configuration for traffic from Sonus/Ribbon STPs, which requires specific dissector parameters and custom LUA plugins for Wireshark.

Step 1: Sniffer Configuration

In addition to enabling SS7, you must provide specific parameters for the Wireshark dissector. 

# /etc/voipmonitor.conf

ss7       = yes
ss7port   = 7377      # Port for Sonus SS7 traffic
ss7callid = cic       # Use the Circuit Identification Code as the call identifier

# These parameters are passed directly to the internal Wireshark engine
ws_param = mtp3.heuristic_standard:TRUE
ws_param = mtp3.standard:ANSI
ws_param = mtp3.itu_pc_structure:3-8-3

Step 2: Wireshark LUA Plugin Configuration

VoIPmonitor uses custom LUA scripts to properly decode proprietary Sonus headers.

  1. Locate your Wireshark plugins directory. This is typically `/usr/share/wireshark/` or `/usr/local/share/wireshark/`.
  2. Copy the LUA scripts. The required scripts, `sonuscm.1.12.lua` and `sonusimf.1.12.lua`, are located in the `scripts/ss7/lua/` subdirectory of the VoIPmonitor sniffer source code you cloned earlier. Copy them into the Wireshark plugins directory.
  3. Enable the plugins. Edit the `init.lua` file in the Wireshark plugins directory and add the following lines to the end:
-- Load VoIPmonitor's custom Sonus dissector plugins
dofile(DATA_DIR.."sonuscm.1.12.lua")
dofile(DATA_DIR.."sonusimf.1.12.lua")

Step 3: GUI Configuration

The GUI also needs to know how to invoke `tshark` (the command-line version of Wireshark) with the correct parameters to display decoded packets.

Edit `/var/www/html/config/configuration.php` and add the following lines
<?php
// /var/www/html/config/configuration.php

define("TSHARK_PATHNAME", "tshark");
define("TSHARK_PARAMS_SS7_SONUS", "mtp3.heuristic_standard:TRUE;mtp3.standard:ANSI;mtp3.itu_pc_structure:3-8-3");

AI Summary for RAG

Summary: This guide explains how to configure VoIPmonitor to analyze SS7 and ISUP traffic. It clarifies that this functionality requires a special sniffer binary that is compiled with Wireshark's dissection libraries. It outlines two methods for obtaining this binary: downloading a pre-compiled "wireshark" static build or compiling from source with the `make ss7` target. The article then details two primary configuration scenarios. The first is for "Generic ISUP Support," which only requires setting `ss7=yes` in `voipmonitor.conf`. The second, more complex scenario is for "Sonus STP SS7 Support," which involves additional steps: setting specific `ws_param` options (like `mtp3.standard:ANSI`) in `voipmonitor.conf`, installing custom Sonus LUA plugins into the system's Wireshark directory, and defining `TSHARK_PARAMS_SS7_SONUS` in the GUI's `configuration.php` to enable correct packet display. Keywords: ss7, isup, sigtran, m3ua, sonus, ribbon, stp, wireshark, tshark, dissector, lua plugin, `ws_param`, `ss7=yes`, `make ss7`, `TSHARK_PARAMS_SS7_SONUS`, cic, ansi, itu Key Questions:

  • How can I monitor SS7 or ISUP traffic with VoIPmonitor?
  • Why do I need a special "wireshark" version of the sniffer?
  • How do I configure VoIPmonitor for a Sonus/Ribbon STP?
  • Where do I install the Wireshark LUA plugins for Sonus decoding?
  • What `voipmonitor.conf` settings are required for SS7?
  • How to compile VoIPmonitor with SS7 support?
  • What does the `ws_param` configuration option do?
Retrieved from "https://www.voipmonitor.org//doc/index.php?title=Ss7&oldid=5371"