[Gsmmap] Snopsnitch and Wireshark on 4G

Luca Melette luca at srlabs.de
Tue May 8 11:57:28 CEST 2018

Dear Domi,

That's correct. We don't to look into your IP traffic.

The easiest way to sniff SIP is to use tcpdump on your phone (as it's already rooted there should be no issue).



> Hello Markus, hello Luca,
> Thank you very much for both of your inputs. I've verified that installing the latest version of Wireshark and flipping the type byte from 0x0e to 0x12 via hexedit made parsing happen just fine for a packet.
> I'll use this trick until Snoopsnitch is updated.
> One thing I have noticed that Snoopsnitch seems to be only looking at signalling data, is this a correct assumption to make? I wanted to sniff a VoLTE attach procedure, but only the NAS layer was captured, which is just a regular LTE attach. This happened, if I'm correct, because the VoLTE registration runs on a data bearer. It is not an issue at all, I just wanted to check if my understanding is correct.
> I'm really grateful for your support, and looking forward to contribute later if possible and needed.
> Kind regards,
> Domi

More information about the Gsmmap mailing list