
I am using Wireshark to decode GSM packets. Wireshark picks up all communication at that frequency and decodes it. Overview of the packets obtained.

Now in the System Information 5 packet, we have the required parameter. Details of the System Information 5 packet.

I wish to write code such that if there is only a single value in the last entry of the packet, i.e. the neighbour list, an alert in the form of a pop-up message or something similar is generated. These packets have to be captured and processed in real time. I have installed pyshark but can't figure out how to move forward. Please help.

David Lee
buttercup

1 Answer


I can only give a partial answer, which is how to detect if there's only a single value or not. My suggestion is to use tshark and then post-process the data using another tool, such as wc. For example:

tshark -i lo -Y "gsm_a.rr.arfcn_list" -T fields -e gsm_a.rr.arfcn_list | wc -w

If the result is 1, then there's only 1 entry in the list.

How you generate an alert from this, I'm not sure.

Christopher Maynard
  • Thank you so much. However there is a problem with the code. From my understanding, this code increments the number of nearby ARFCNs whenever the system information packet is received (which is quite a number of times). I just want the number of neighbour ARFCNs when the packet appears the first time. – buttercup Jul 22 '20 at 02:43
  • Moreover, further in the list of packets received, there is a packet called paging request 2. It contains the field IMSI/TMSI. I also need to write the code to find out if the field is empty or has a particular value. – buttercup Jul 22 '20 at 02:45
  • Is there any way I can restrict the number of packets under observation? – buttercup Jul 22 '20 at 02:45
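
An added example, not part of the answer or comments above: a Python sketch that reads the same tshark field output line by line, inspects only the first packet that carries an ARFCN list, and then stops the capture. It assumes the field prints as whitespace-separated values (as the `wc -w` approach does); the sample lines are constructed, and the function names are hypothetical.

```python
import subprocess

FIELD = "gsm_a.rr.arfcn_list"  # field and filter taken from the answer above

# Constructed sample of `tshark -T fields` output, one line per packet.
SAMPLE_SINGLE = ["\n", "42\n", "42\n", "42\n"]
SAMPLE_MANY = ["17 22 31\n", "17\n"]


def parse_arfcn_list(line):
    """Split one output line into ARFCN strings.

    Assumption: values are whitespace-separated (what `wc -w` relies on);
    commas are tshark's default separator when a field occurs twice.
    """
    return line.replace(",", " ").split()


def check_first_list(lines):
    """Inspect only the first packet that carries a list.

    Returns (alert, arfcns); alert is True when that list has one entry.
    Returns (False, None) if the input ends without any list.
    """
    for line in lines:
        arfcns = parse_arfcn_list(line)
        if arfcns:
            return len(arfcns) == 1, arfcns  # later repeats are never read
    return False, None


def live_lines(interface="lo"):
    """Yield tshark output lines as packets arrive (-l flushes per packet)."""
    cmd = ["tshark", "-l", "-i", interface, "-Y", FIELD,
           "-T", "fields", "-e", FIELD]
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, text=True)
    try:
        yield from proc.stdout
    finally:
        proc.terminate()


if __name__ == "__main__":
    stream = live_lines()
    alert, arfcns = check_first_list(stream)
    stream.close()  # runs the finally block above and stops tshark
    if alert:
        print(f"ALERT: neighbour list has a single ARFCN: {arfcns[0]}")
    else:
        print(f"Neighbour list: {arfcns}")
```

Because the loop returns on the first non-empty line, repeated System Information packets no longer inflate the count; the `print` call is where a pop-up or other notification would be wired in.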