The Corelatus Blog
E1/T1 and SDH/SONET telecommunications

Replaying bit-exact E1/T1 timeslot recordings

Posted March 15th 2019

This note is about replaying signalling on an E1/T1 line in the lab, using an E1/T1 Messenger 3.0. We can connect two ports with a yellow crossover cable to make the Corelatus system talk to itself over an E1/T1 link.

looping an E1 from one port to another

Now that we've connected two E1 (or T1) ports, we can put transmit and receive bytes. The next step is to make suitable bytes for transmission. Depending on what we have and what we want to do, we can use choose between three techniques:

  1. Replay a bit-exact recording of an E1 timeslot.
  2. Read SS7 packets from a .pcap file, re-create layer 2.
  3. Create SS7 packets from scratch.

This post is about the first approach. I'll cover the other two in later articles.

Approach #1: bit-exact record-and-replay

We can record an E1 timeslot at an operator, take the file back to the lab and then replay it while working on the code to decode the SS7 packets we're interested in. Using a bit-exact recording lets you reproduce what happened in the operator's network. The relative packet timing will be the same. The sequence numbers will be identical. The packet payload will be identical.

All Corelatus hardware can record bit-exact timeslots, both on electrical E1 lines and on optical fiber (E1-on-SDH).

To replay, you need an E1/T1 Messenger 3.0, because it has transmit capabilities. If you have a E1/T1 Monitor 3.0, i.e. listen-only, you can temporarily turn it into a Messenger with a firmware update.

Here's what the data-flow looks like:

data flow of raw E1 bytes

The API commands needed for the recording and replaying, respectively, are 'recorder' and 'player'. They're described in the API manual, e.g. under 'new player'. We'll just use the C version of the sample code. If you prefer, you can use the Python or Perl version, or hack up your own code.

Here's how you can record a timeslot:

    ./record -l 1A 16 /tmp/signalling.raw
    started recording. Press ^C to end.
    0 1448 2896 4096 5544 6992 8192 9640 11088 ^C

The -l switch tells record that L1 is already set up, that way we avoid resetting it.

Back in the lab, we can replay the signalling file we made earlier. I've linked to a copy so you can try it. First, we need to turn the E1 ports on:

    ./enable pcm5A
    ./enable pcm6A

The LEDs in the ports will turn to green and the built-in webserver shows the ports as being in status OK. Next step is to replay the bits, i.e. step (1) on the data flow diagram:

    ./playback_file -l 5A 16 /tmp/2019_03_signalling.raw
    0 1600 3200 4800 6400 8000 wrote 8192 octets to the player
    all done

Most likely, you want to decode the signalling while playing it, this is step (4) on the diagram. You can do that in a separate window, like this:

    ./save_to_pcap  -l 6A 16 gth.pcapng
    monitoring 6A:16 interface_id=0
    capturing packets, press ^C to abort
    saving to file gth.pcapng_00001
    Fri Mar 15 17:17:34 2019 signalling job m2mo0 changed state to 'in service'
    Fri Mar 15 17:17:48 2019 signalling job m2mo0 changed state to 'no signal units'

When you've captured enough, hit control-C and view the PCAP file with Wireshark, which is step (5) on the dataflow diagram. It'll look something like this:

Wireshark viewing the signalling

Permalink | Tags: GTH, telecom-signalling