SDR# to wireshark in Windows?

Status
Not open for further replies.

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
I would like to feed SDR# to Wireshark but it looks like nothing for Windows exists to take an IQ signal and convert it to something Wireshark can use. I saw mentions of GNURadio and what not, but was hoping for a Windows ability to feed IQ data to Wireshark.

Anyone know of a solution?
 

boatbod

Member
Joined
Mar 3, 2007
Messages
3,489
Location
Talbot Co, MD
I don't think you'll get this done in Windows. op25 will do it in Linux, but the wireshark patches are old (very old) and don't handle ph2.
More important questions:- what are you trying to do with the data that you want to send to Wireshark?
 

a417

Active Member
Joined
Mar 14, 2004
Messages
4,669
GNURadio exists for windows, it is exceptionally powerful, albeit the learning curve is quite high.

Wireshark is a network, frame data, and data decoder. Raw IQ data from an SDR will not be decoded by it. You will need to convert, and decode the RAW IQ before you will be able to even get it into a file, and then into Wireshark.

The reason you have seen mentions of GNURadio is because it is EXACTLY what the best tool is to do what you think you want to do.

If we knew what the case was in your particular instance, you might be actually directed down a more specific path.
 

wgbecks

Active Member
Joined
Jan 17, 2005
Messages
1,092
Location
NE Wisconsin
I can't think of a single thing that you could gain from Wireshark even if it could decode Raw IQ data that you couldn't obtain much easier and efficiently with op25, DSDPlus, or Unitrunker. As A417 stated, tell us what you are trying to accomplish.
 

poltergeisty

Well, I know that you can use something called Airprobe to feed the IQ data to Wireshark. Have a look here. RTL-SDR Tutorial: Analyzing GSM with Airprobe/GR-GSM and Wireshark

What I want to do is feed P25 phase 1 audio to Wireshark. If it has to be Linux then so be it, but I do know the learning curve is great since I've been reading about it and swinging back Aspirin. That's why I was hoping to do it in Windows.

Edit-

Okay, here's a brief mention of what I want to do. RFTap: A Bridge Between GNURadio and Wireshark

Anyone care to write an "in English" tutorial on this? LOL I can try, but I have a feeling I'll end up throwing my computer out the window. One thing about Linux, enter the wrong command and good luck reversing what you just did.
 

hrh17

Member
Joined
Mar 4, 2015
Messages
147
Location
.
If you're looking to see the P25 Phase 1 frames then use OP25 as others have said, it's much much easier than Wireshark.
 

a417

Well, I know that you can use something called Airprobe to feed the IQ data to Wireshark. Have a look here. RTL-SDR Tutorial: Analyzing GSM with Airprobe/GR-GSM and Wireshark
I remember reading that post 6 years ago, that's a bit dated now. That was part of the impetus for me to start using gnuradio on a more regular basis

What I want to do is feed P25 phase 1 audio to Wireshark. If it has to be Linux then so be it, but I do know the learning curve is great since I've been reading about it and swinging back Aspirin. That's why I was hoping to do it in Windows.

Edit-

Okay, here's a brief mention of what I want to do. RFTap: A Bridge Between GNURadio and Wireshark
You want to use RFTap (which is very basically a sink block in Gnuradio to stream that to wireshark) to dump audio to wireshark? Why not simply just do everything up to the wiretap point in the stock ol' gnuradio and save it to a file? Then you can try to decode what you want by loading the data into wireshark via a file capture? Then you can see if what you want to do is worth the time it takes to do it? I'm a bit confused as to why you want to dump P1 audio into wireshark, unless you mean you want to dump the P1 data into wireshark, but that is what you wrote

One thing about Linux, enter the wrong command and good luck reversing what you just did.
This is factually wrong. The nice thing about linux is that you can just NOT DO THINGS as a superuser/[sudoer] and then if you really jack things up you just make a new user account and start over from scratch in minutes. Programs will go back to default, you can have a virgin system in about 20 keypresses and a logout/login.

You are equating the fear of your unknown into a problem with the system at large. One can argue, and prove, that a Windows user can do more damage to a system than an uninformed plain Linux user.


tl;dr - I don't see why you NEED to use RFTap for live streaming right away. I would take two VERY well documented and EXCEPTIONALLY POWERFUL software suites and try to literally capture the datastream (everything up to that RFTap block in the .grc) and then try opening the saved capture file in Wireshark +++NOT IN REAL TIME+++, so that you can literally move in baby steps. You need to run before you can walk, scratch that, reverse it.

....and don't hate on linux, just because you don't understand it.
 

boatbod

What I want to do is feed P25 phase 1 audio to Wireshark. If it has to be Linux then so be it, but I do know the learning curve is great since I've been reading about it and swinging back Aspirin. That's why I was hoping to do it in Windows.

So this is almost exactly how op25 came into existence. In its early versions, op25 captured raw IQ data and demodulated it in gnuradio, then sent the resulting symbols to Wireshark for further processing. Strictly speaking it can still do that now, but the question is why bother when op25 can do the whole thing and dump FDMA (as well as TDMA) codewords directly to the logfile.

Whatcha planning to do with the AMBE/IMBE codewords when you can recover them?
 

poltergeisty

You want to use RFTap (which is very basically a sink block in Gnuradio


This sounds promising. But going back to Windows, I read on their wiki I have to build the damn thing. Never could do that right especially with so-called dependencies. I'm probably better off running it in Linux.

So this looks interesting and may not be so complicated. I've edited path variables before just so that I could use cURL in Windows. Is this a viable option to use RFTap? pothosware/PothosSDR

Yes, what I meant was decode the data, not the audio.

As to Linux, I'm not on the up and up of it all. I did manage to install LAMP and Webmin into CentOS, but beyond that I have to go to Google and I oftentimes find myself at Stack Exchange. One time I was trying to get VMware Tools installed into Debian and try as I might using VMware's specific command instructions I got error after error after error. Only to Google, find a solution at Stack Exchange, redo the command and get yet another error. This process repeated for some ten long hours until I finally got VMware Tools installed. I was determined that it wasn't going to beat me. Linux is nice and I have used Kali, but I'm just not very well versed with the command line. I'd rather use a GUI if at all possible. sudo this sudo that vi this. It's a headache for me. Terminal commands are like PHP or HTML code, or any code for that matter. Get one character wrong and the whole thing comes crashing down. And I just had that while editing the footer for my website. It looked kosher, but for the life of me I could not see what part was wrong. I finally got it working with some magic and it was only a one byte change. So it had to be just one out of place character that was out of place in the code and I just couldn't see it.
 

poltergeisty

So this is almost exactly how op25 came into existence. In its early versions, op25 captured raw IQ data and demodulated it in gnuradio, then sent the resulting symbols to Wireshark for further processing. Strictly speaking it can still do that now, but the question is why bother when op25 can do the whole thing and dump FDMA (as well as TDMA) codewords directly to the logfile.

I may have another look at OP25. I have bookmarked a tutorial on some guy's blog on how to get it all working. I'll see if I can't do it.


Why do I want to do this? Because the hobby. It's like why would anyone not want to buy moon bounce ham equipment and not try to bounce a signal off the surface of the moon.
 

a417

I still think you need to just use Gnuradio to record some demodulated IQ into a file, and then Wireshark to try to decode the data you think you want to. Then try all the RFTap streaming stuff.

You mentioned Windows, CentOS and now Kali (I saw Mr Robot, too). You should probably try to pick a more vanilla and widely supported (not a derivative or fringe distribution) and learn the basics, e.g. Debian, Fedora, CentOS. You can then not have to worry about convoluted information from [cringe] Stack Exchange or other online forums and just slowly read the fantastic manuals and get going. I don't see why you don't pick something like Debian (graphical from install to GUI), massive package support, as much command line as YOU WANT, and go from there.

You seem to be throwing random handfuls at a wall, seeing what sticks, and then changing hands before it dries.
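
The file-first approach suggested in this thread (save decoded frames to a file, then open that file in Wireshark) comes down to writing a pcap file. The following is an added example, not code from the thread or from op25: the frame bytes are constructed placeholders, and the private-use link type 147 (LINKTYPE_USER0) is an assumption chosen so that Wireshark shows the payload as raw bytes unless a dissector is mapped to it in the DLT_USER preferences.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
LINKTYPE_USER0 = 147      # private-use link type; no built-in dissector

def write_pcap(path, frames, linktype=LINKTYPE_USER0, snaplen=65535):
    """Write (unix_time_float, payload_bytes) pairs as one pcap record each."""
    count = 0
    with open(path, "wb") as f:
        # Global header: magic, version 2.4, tz offset, sigfigs, snaplen, linktype
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
        for ts, payload in frames:
            sec = int(ts)
            usec = min(int(round((ts - sec) * 1_000_000)), 999_999)
            captured = payload[:snaplen]   # truncate like a capture would
            # Record header: seconds, microseconds, stored length, original length
            f.write(struct.pack("<IIII", sec, usec, len(captured), len(payload)))
            f.write(captured)
            count += 1
    return count

def read_pcap(path):
    """Parse the file back; returns (linktype, [(sec, usec, orig_len, data)])."""
    records = []
    with open(path, "rb") as f:
        magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack(
            "<IHHiIII", f.read(24))
        if magic != PCAP_MAGIC:
            raise ValueError("not a little-endian classic pcap file")
        while True:
            header = f.read(16)
            if not header:
                break
            if len(header) < 16:
                raise ValueError("truncated record header")
            sec, usec, incl_len, orig_len = struct.unpack("<IIII", header)
            data = f.read(incl_len)
            if len(data) < incl_len:
                raise ValueError("truncated record body")
            records.append((sec, usec, orig_len, data))
    return linktype, records

# Constructed placeholder frames, not real P25 data
SAMPLE_FRAMES = [
    (1700000000.25, bytes.fromhex("0102030405060708")),
    (1700000000.50, bytes.fromhex("a1a2a3a4")),
]

if __name__ == "__main__":
    print(write_pcap("decoded_frames.pcap", SAMPLE_FRAMES), "records written")
```

Reading the file back with `read_pcap` before opening it in Wireshark confirms the record headers are well formed, which separates file-format mistakes from dissector problems.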
 

a417

I may have another look at OP25. I have bookmarked a tutorial on some guy's blog on how to get it all working. I'll see if I can't do it.
You might want to have another look at OP25, and ask @boatbod things you can't figure out from the docs. There's a reason...
 

boatbod

Suggest you get op25 working and then turn the logging up to "-v 10". All the ambe/imbe codewords will be right there in the log for your post-processing pleasure ;)
 

poltergeisty

Alright, when I have time I'll give GNUradio a shot and probably be back here with even more questions. I do have an op25 install tutorial bookmarked and I can give that a try as well. Will op25 allow me to run the IQ into Wireshark? Or can I generate pcap files with it?

As far as Mr. Robot. HAHAHA I've heard of the show for years and never once saw an episode, but I'm often quoted to that movie on other forums I'm a member of. To be honest, Mr.Robot sounds like an 80s song... LOL
 

boatbod

Alright, when I have time I'll give GNUradio a shot and probably be back here with even more questions. I do have an op25 install tutorial bookmarked and I can give that a try as well. Will op25 allow me to run the IQ into Wireshark? Or can I generate pcap files with it?

As far as Mr. Robot. HAHAHA I've heard of the show for years and never once saw an episode, but I'm often quoted to that movie on other forums I'm a member of. To be honest, Mr.Robot sounds like an 80s song... LOL

You *can* run op25 into wireshark, but you'll have to build a really old version of wireshark and incorporate some P25-specific patches. After you go through the frustration of getting it working you'll find it decodes less of the P25 protocol (and no phase 2 signaling or AMBE codewords) than op25 is natively capable of. Having done it, I'd say the pain is not worth the effort of simply turning up the op25 log level on the rx.py command line.

Brief op25 installation instructions:-
Code:
cd ~
sudo apt-get install git
git clone https://github.com/boatbod/op25
cd op25
./install.sh

Once you have op25 installed you need to go to the 'apps' directory and make a configuration (trunk.tsv and op25.sh).
Code:
cd ~/op25/op25/gr-op25_repeater/apps
 

a417

I'm going to un-sub this thread, as you are speaking to the person who WROTE op25. ;)
 

boatbod

I don't see Max here.
No disrespect to anyone who has contributed along the way, but I don't think Max was the original author of op25. He certainly wrote a huge portion of what we now use, but a lot of the oldest code in the gr-op25/ hierarchy is attributed to Steve Glass. Other names that appear in the sources include Frank (Radio Rausch), Jonathan Naylor, Max Parke, Mathias Weyland, Pavel Yazev, and myself.
 

a417

Didn't know the backstory of op25, I just saw the git repo name. Apologies to all, don't want to take credit away from anyone who has rightfully earned it.

Let me redact my original statement, and replace it with "you are speaking to the person who maintains the aforementioned repository of op25". Much more technically accurate.
 

boatbod

Didn't know the backstory of op25, I just saw the git repo name. apologies to all, don't want to take credit away from anyone who has rightfully earned it.

Let me redact my original statement, and replace it with "you are speaking to the person who maintains the aforementioned repository of op25". Much more technically accurate.
No worries :)
 