[asterisk-ss7] using dahdi as an E1 sniffer

Bryan Scott sirbryan at gmail.com
Fri Apr 30 22:31:41 CDT 2010 

What about just as a sniffer, I.e. Not having to interrupt a circuit
to put in the bridge, but maybe as an analyzer on a monitor port?

On Friday, April 30, 2010, Horacio J. Peña <horape at compendium.com.ar> wrote:
> Answering myself, hope it is useful for somebody:
>
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <fcntl.h>
> #include <errno.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include "dahdi-user.h"
>
> main()
> {
> int fds[62];
> char fn[1024];
> int i;
> int BS=160;
> char buf[BS];
>
> for (i=0;i<62;++i) {
>   int c = i+1;
>   if( (fds[i] = open("/dev/dahdi/channel", O_RDWR)) < 0) {
>     printf("Error abriendo %s: %s\n", fn, strerror(errno));
>     exit(1);
>     }
>   if (ioctl(fds[i], DAHDI_SPECIFY, &c) == -1) {
>     printf("Error ioctl SPE %d: %s\n", i, strerror(errno));
>     exit(1);
>     }
>   if (ioctl(fds[i], DAHDI_SET_BLOCKSIZE, &BS) == -1) {
>     printf("Error ioctl BS %d: %s\n", i, strerror(errno));
>     exit(1);
>     }
>   }
>
> while (read (fds[0], buf, BS)) {
>   write (fds[31], buf, BS);
>   for (i=1;i<62;++i) {
>     read (fds[i], buf, BS);
>     write (fds[(i+31)%62], buf, BS);
>     }
>   }
> }
>
>
>
>
> On Fri, Apr 30, 2010 at 12:58:02PM -0300, Horacio J. Peña wrote:
>> Hola!
>>
>> Is there any app that would allow two E1s to be "bridged" so I can
>> intercept a link and use dahdi pcap to analyze the traffic? (does dahdi
>> pcap work for audio/pri channels or only ss7?)
>>
>> If there isn't, would something like this work?
>>
>> main()
>> {
>> int fds[64];
>>
>> // open channels as rw, E1 1 in fds[0..31], E1 2 in fds[32..63]
>>
>> int BS = 1;
>> char buf[BS];
>>
>> while (read (fds[0], buf, BS) {
>>   write (fds[32], buf, BS);
>>   for (i=1;i<64;++i) {
>>     read (fds[i], buf, BS);
>>     write (fds[(i+32)%64], buf, BS);
>>     }
>>   }
>> }
>>
>> (this uses fds[0] as clocking)
>>
>> How many bytes at once (BS) should I read/write? Should I do something
>> very different? (It has been a long time since I worked with zap cards)
>>
>> Thanks!
>> --
>> Horacio J. Peña
>> horape at compendium.com.ar
>> horape at uninet.edu
>
> --
> Horacio J. Peña
> horape at compendium.com.ar
> horape at uninet.edu
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-ss7 mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-ss7
>

More information about the asterisk-ss7 mailing list