Wireshark use filter1/7/2023 ![]() Next up let’s take a look at the contents of one of these packets, Quick note – Not all IntialUEMessages will contain the IMSI – If the subscriber has already established comms with the MME it’ll instead be using a temporary identifier – M-TMSI, unless you’ve got a way to see the M-TMSI -> IMSI mapping on the MME you’ll be out of luck. The Wireshark e212 filter filters for ITU-T E.212 payloads (ITU-T E.212 is the spec for PLMN identifiers). Luckily we can filter in Wireshark to find the IMSI we’re after e212.imsi = "001010000000001" ![]() The S1 interface only contains the IMSI in certain NAS messages, so the first step in tracing a subscriber is to find the initial attach request from that subscriber containing the IMSI. So how do we find all the packets relating to a single subscriber / IMSI amidst a sea of S1 packets? The S1 interface can be pretty noisy, which makes it hard to find the info you’re looking for.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |