LAPD: Link Access Protocol for D channel

LAPD

WTF is LAPD

LAPD is basically a layer 2 protocol usually required on the ISDN D channel. Moreover, it is used on the GSM Abis interface.

This tutorial will teach you about the configuration of T2 core to activate the LAPD flow stream dissector.

This is not a tutorial about LAPD and Abis; a good overview of the packet structure can be found here.

Preparation

First, restore T2 into a pristine state by removing all unnecessary or older plugins from the plugin folder ~/.tranalyzer/plugins:

t2build -e -y

Are you sure you want to empty the plugin folder '/home/wurst/.tranalyzer/plugins' (y/N)? yes
Plugin folder emptied

Then compile the core (tranalyzer2) and the following plugins:

t2build tranalyzer2 basicFlow basicStats protoStats txtSink

...
BUILD SUCCESSFUL

If you have not created separate data and results directories yet, please do so now in another bash window. This will facilitate your workflow:

mkdir ~/data ~/results

The sample PCAP used in this tutorial can be downloaded here: abis-accept-network.pcap.

Please save it in your ~/data folder.

Now you are all set for analyzing LAPD traffic!

LAPD, Abis to flows

Let’s start with the sample pcap in T2 default mode. In order to enable the dissection of LAPD or Abis packets into flows, set LAPD_ACTIVATE to 1 in networkHeaders.h:

tranalyzer2

vi src/networkHeaders.h

...
/* ========================================================================== */
/* ------------------------ USER CONFIGURATION FLAGS ------------------------ */
/* ========================================================================== */

#define IPV6_ACTIVATE     2 // 0: IPv4 only
                            // 1: IPv6 only
                            // 2: dual mode

#define ETH_ACTIVATE      1 // 0: No L2 flows,
                            // 1: Activate L2 flows,
                            // 2: Also use Ethernet addresses for IPv4/6 flows

#define LAPD_ACTIVATE     0 // 0: No LAPD/Q.931 flows
                            // 1: Activate LAPD/Q.931 flow generation
#define LAPD_OVER_UDP     0 // 0: Do not try dissecting LAPD over UDP
                            // 1: Dissect LAPD over UDP (experimental)

#define SCTP_ACTIVATE     0 // 0: standard flows
                            // 1: activate SCTP chunk streams -> flows
                            // 2: activate SCTP association -> flows
                            // 3: activate SCTP chunk & association -> flows
#define SCTP_STATFINDEX   1 // 0: findex increments
                            // 1: findex constant for all SCTP streams in a packet

#define MULTIPKTSUP       0 // multi-packet suppression

#define T2_PRI_HDRDESC    1 // keep track of the headers traversed
#define T2_HDRDESC_AGGR   1 // aggregate repetitive headers, e.g., vlan{2}
#define T2_HDRDESC_LEN  128 // max length of the headers description

/* ========================================================================== */
/* ------------------------- DO NOT EDIT BELOW HERE ------------------------- */
/* ========================================================================== */
...

So switch on LAPD_ACTIVATE and rebuild everything, because future plugins might depend on this core switch.

t2conf tranalyzer2 -D LAPD_ACTIVATE=1 && t2build -R -r

Then run t2 on the pcap.

t2 -r ~/data/abis-accept-network.pcap -w ~/results/ -s

Looking at the plugin end report, 100% of the packets are LAPD. Four flows are created and there is an info message at the end.

In the protocols file you see a Q.931 call control channel and LAPD packets:

cat ~/results/abis-accept-network_protocols.txt

# Total packets: 85
# Total bytes: 3535 (3.54 K)
# L2/3 Protocol	                       Packets	                         Bytes	Description
0xf000	                  24 [ 28.24%]	                 963 [ 27.24%]	Q.931 Call Control Procedure
0xf0f8	                  61 [ 71.76%]	                2572 [ 72.76%]	Link Access Procedure D-Channel (LAPD)


# Total IPv4 packets: 0 [0.00%]
# Total IPv6 packets: 0 [0.00%]
# L4 Protocol	                       Packets	                         Bytes	Description


# Total TCP packets: 0 [0.00%]
# Total TCP bytes: 0 [0.00%]


# Total UDP packets: 0 [0.00%]
# Total UDP bytes: 0 [0.00%]

Let’s look at the flow file now:

tcol ~/results/abis-accept-network_flows.txt

%dir  flowInd  flowStat            timeFirst          timeLast           duration   numHdrDesc  numHdrs  hdrDesc  srcMac  dstMac  ethType  ethVlanID  srcIP  srcIPCC  srcIPOrg  srcPort  dstIP  dstIPCC  dstIPOrg  dstPort  l4Proto  numPktsSnt  numPktsRcvd  numBytesSnt  numBytesRcvd  minPktSz  maxPktSz  avePktSize  stdPktSize  minIAT  maxIAT  aveIAT     stdIAT     pktps      bytps     pktAsm       bytAsm
A     1        0x1000000000000004  1230954314.000000  1230954317.000000  3.000000   1           1        lapd                     0xf0fa              -      -        "-"       0        -      -        "-"       0        0        30          31           664          749           9         92        22.13333    18.18611    0       1       0.1        0.2898479  10         221.3333  -0.01639344  -0.0601557
B     1        0x1000000000000005  1230954314.000000  1230954343.000000  29.000000  1           1        lapd                     0xf0f8              -      -        "-"       0        -      -        "-"       0        0        31          30           749          664           9         92        24.16129    20.96339    0       26      0.9354839  4.510617   1.068966   25.82759  0.01639344   0.0601557
A     2        0x1000000000000004  1230954317.000000  1230954366.000000  49.000000  1           1        lapd                     0xf002              -      -        "-"       0        -      -        "-"       0        0        14          10           366          141           4         67        26.14286    14.07865    0       44      3.5        10.44187   0.2857143  7.469388  0.1666667    0.443787
B     2        0x1000000000000005  1230954361.000000  1230954366.000000  5.000000   1           1        lapd                     0xf000              -      -        "-"       0        -      -        "-"       0        0        10          14           141          366           4         24        14.1        5.926589    0       2       0.5        0.6184462  2          28.2      -0.1666667   -0.443787

Now, open the packet file under your results directory.

tcol ~/results/abis-accept-network_packets.txt

%pktNo  flowInd  flowStat            time               pktIAT     pktTrip    flowDuration  numHdrs  hdrDesc  ethVlanID  srcMac             dstMac             ethType  srcIP  srcIPCC  srcIPOrg  srcPort  dstIP  dstIPCC  dstIPOrg  dstPort  l4Proto  pktLen  l7Len  l7Content
1       1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:63:00:ff:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      ....c....................
2       1        0x1000000000000005  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:64:00:ff:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      ....d....................
3       1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:a3:00:ff:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      .........................
4       1        0x1000000000000005  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:a4:00:ff:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      .........................
5       1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:a6:00:ff:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      .........................
6       1        0x1000000000000005  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:a7:00:ff:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      .........................
7       1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:74:00:ff:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      ....t....................
8       1        0x1000000000000005  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:75:00:ff:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      ....u....................
9       1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:a3:00:ff:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      .........................
10      1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                1c:d0:00:ff:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        51      32     ............\t..$........B..\nD...................
11      1        0x1000000000000005  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:a4:00:ff:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      ............\t..$........B
12      1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                4c:41:01:00:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        99      80     ...LA....\t?\n.a....db.f.n....\n....{.#.(...*.+...}3,.)ZZZ..#(.#(5..F..X.@........{................
13      1        0x1000000000000005  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                1c:d1:00:ff:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        51      32     ............\t..$........B..\nD....{.#.(...*.+...}
14      1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                58:d0:a1:00:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        111     92     ...X.......d.g.h.j.l.m.o.p..q...r..s\nt.u.v.x.y.z.}... ..E..H..Z..[..^.._. ...G..\.d].... ..<................
15      1        0x1000000000000005  1230954315.000000  1.000000   1.000000   1.000000      1        lapd                4c:42:01:00:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        99      80     ...LB....\t?\n.a....db.f.n....\n....{.#.(...*.+...}3,.)ZZZ..#(.#(5..F..X.@........{\.d].... ..<....
16      1        0x1000000000000004  1230954315.000000  1.000000   0.000000   1.000000      1        lapd                2e:d0:a2:00:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        69      50     .........i.k.~........\n.......................@e...)ZZZ..#(.#(5..F
17      1        0x1000000000000005  1230954315.000000  0.000000   0.000000   1.000000      1        lapd                58:d1:a1:00:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        111     92     ...X.......d.g.h.j.l.m.o.p..q...r..s\nt.u.v.x.y.z.}... ..E..H..Z..[..^.._. ...G..\.d].... ..<................
18      1        0x1000000000000004  1230954315.000000  0.000000   0.000000   1.000000      1        lapd                09:24:02:00:00:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        32      13     ...\t$........g.h.j.l.m.o.p..q
...

In packets 13-18, l7Content displays some UTF-16 text, which indicates a message channel. If you want to reverse engineer the protocol or write a plugin, the hex representation of the content helps a lot.

Look into main.h again

tranalyzer2

vi src/main.h

The constant SPKTMD_PCNTH enables hex output in the packet file, while SPKTMD_PCNTL controls the start pointer of the content.

/* ========================================================================== */
/* ------------------------ USER CONFIGURATION FLAGS ------------------------ */
/* ========================================================================== */

// Packet mode (-s option)
#define SPKTMD_PKTNO    1 // Print the packet number
#define SPKTMD_PCNTC    1 // Print payload as characters
#define SPKTMD_PCNTH    0 // Print payload as hex
#define SPKTMD_PCNTL    4 // 0: Print the full payload of the packet
                          // 1: Print payload from L2
                          // 2: Print payload from L3
                          // 3: Print payload from L4
                          // 4: Print payload from L7

// Configure packet mode as hex
#define SPKTMD_PCNTH_PREF "0x" // Prefix to add to every byte ("" -> ab cd instead of 0xab 0xcd)
#define SPKTMD_PCNTH_SEP  " "  // Byte separator ("," -> 0xab,0xcd instead of 0xab 0xcd)
...

/* ========================================================================== */
/* ------------------------- DO NOT EDIT BELOW HERE ------------------------- */
/* ========================================================================== */

So let’s switch hex output on, move the content pointer to layer 2 and rerun t2.

t2conf tranalyzer2 -D SPKTMD_PCNTH=1 -D SPKTMD_PCNTL=1 && t2build -R

t2 -r ~/data/abis-accept-network.pcap -w ~/results/ -s

The packet file now contains both the character and the hex representation of the content, ready for post-processing. Note that the content column is now labeled l2Content.

tcol ~/results/abis-accept-network_packets.txt

%pktNo  flowInd  flowStat            time               pktIAT     pktTrip    flowDuration  numHdrs  hdrDesc  ethVlanID  srcMac             dstMac             ethType  srcIP  srcIPCC  srcIPOrg  srcPort  dstIP  dstIPCC  dstIPOrg  dstPort  l4Proto  pktLen  l7Len  l2HexContent                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                l2Content
1       1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:63:00:ff:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      0xfa 0x33 0x03 0x80 0x80 0x00 0x05 0x63 0x00 0xff 0xff 0xff 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00                                                                                                                                                                                                                                                                                                                                                                                                                                 .3.....c....................
2       1        0x1000000000000005  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:64:00:ff:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      0xf8 0x33 0x03 0x80 0x80 0x00 0x05 0x64 0x00 0xff 0xff 0xff 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00                                                                                                                                                                                                                                                                                                                                                                                                                                 .3.....d....................
3       1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:a3:00:ff:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      0xfa 0x33 0x03 0x80 0x80 0x00 0x05 0xa3 0x00 0xff 0xff 0xff 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00                                                                                                                                                                                                                                                                                                                                                                                                                                 .3..........................
4       1        0x1000000000000005  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:a4:00:ff:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      0xf8 0x33 0x03 0x80 0x80 0x00 0x05 0xa4 0x00 0xff 0xff 0xff 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00                                                                                                                                                                                                                                                                                                                                                                                                                                 .3..........................
5       1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:a6:00:ff:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      0xfa 0x33 0x03 0x80 0x80 0x00 0x05 0xa6 0x00 0xff 0xff 0xff 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00                                                                                                                                                                                                                                                                                                                                                                                                                                 .3..........................
6       1        0x1000000000000005  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:a7:00:ff:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      0xf8 0x33 0x03 0x80 0x80 0x00 0x05 0xa7 0x00 0xff 0xff 0xff 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00                                                                                                                                                                                                                                                                                                                                                                                                                                 .3..........................
7       1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:74:00:ff:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      0xfa 0x33 0x03 0x80 0x80 0x00 0x05 0x74 0x00 0xff 0xff 0xff 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00                                                                                                                                                                                                                                                                                                                                                                                                                                 .3.....t....................
8       1        0x1000000000000005  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:75:00:ff:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      0xf8 0x33 0x03 0x80 0x80 0x00 0x05 0x75 0x00 0xff 0xff 0xff 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00                                                                                                                                                                                                                                                                                                                                                                                                                                 .3.....u....................
9       1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:a3:00:ff:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      0xfa 0x33 0x03 0x80 0x80 0x00 0x05 0xa3 0x00 0xff 0xff 0xff 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00                                                                                                                                                                                                                                                                                                                                                                                                                                 .3..........................
10      1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                1c:d0:00:ff:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        51      32     0xfa 0x33 0x03 0x80 0x80 0x00 0x1c 0xd0 0x00 0xff 0xff 0xff 0x91 0x07 0xd7 0x09 0x08 0x0e 0x24 0x0b 0xce 0x02 0x00 0x1e 0xe8 0x01 0x05 0x42 0x02 0x00 0x0a 0x44 0x02 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00                                                                                                                                                                                                                                                                                                              .3.............\t..$........B..\nD...................
11      1        0x1000000000000005  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                05:a4:00:ff:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        28      9      0xf8 0x33 0x03 0x80 0x80 0x00 0x05 0xa4 0x00 0xff 0xff 0xff 0x91 0x07 0xd7 0x09 0x08 0x0e 0x24 0x0b 0xce 0x02 0x00 0x1e 0xe8 0x01 0x05 0x42                                                                                                                                                                                                                                                                                                                                                                                                                                 .3.............\t..$........B
12      1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                4c:41:01:00:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        99      80     0xfa 0x33 0x03 0x80 0x80 0x00 0x4c 0x41 0x01 0x00 0xff 0xff 0x09 0x3f 0x0a 0x04 0x61 0x00 0x0b 0xff 0x0c 0x64 0x62 0x00 0x66 0x00 0x6e 0x06 0x18 0x1f 0x19 0x0a 0x0f 0x14 0x19 0x1e 0x7b 0x0b 0x23 0x14 0x28 0x00 0x04 0x03 0x2a 0x7f 0x2b 0x00 0xfa 0x8f 0x7d 0x33 0x2c 0x1f 0x29 0x5a 0x5a 0x5a 0x87 0x94 0x23 0x28 0x95 0x23 0x28 0x35 0x01 0x00 0x46 0x01 0x00 0x58 0x01 0x40 0xc5 0x01 0x00 0xf2 0x01 0x00 0x08 0x00 0x7b 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00                                                              .3....LA....\t?\n.a....db.f.n....\n....{.#.(...*.+...}3,.)ZZZ..#(.#(5..F..X.@........{................
13      1        0x1000000000000005  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                1c:d1:00:ff:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        51      32     0xf8 0x33 0x03 0x80 0x80 0x00 0x1c 0xd1 0x00 0xff 0xff 0xff 0x91 0x07 0xd7 0x09 0x08 0x0e 0x24 0x0b 0xce 0x02 0x00 0x1e 0xe8 0x01 0x05 0x42 0x02 0x00 0x0a 0x44 0x02 0x00 0x00 0x1e 0x7b 0x0b 0x23 0x14 0x28 0x00 0x04 0x03 0x2a 0x7f 0x2b 0x00 0xfa 0x8f 0x7d                                                                                                                                                                                                                                                                                                              .3.............\t..$........B..\nD....{.#.(...*.+...}
14      1        0x1000000000000004  1230954314.000000  0.000000   0.000000   0.000000      1        lapd                58:d0:a1:00:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        111     92     0xfa 0x33 0x03 0x80 0x80 0x00 0x58 0xd0 0xa1 0x00 0xff 0xff 0xd0 0x00 0x64 0x00 0x67 0x00 0x68 0x00 0x6a 0x00 0x6c 0x00 0x6d 0x00 0x6f 0x08 0x70 0x08 0x01 0x71 0x10 0x10 0x10 0x72 0x08 0x02 0x73 0x0a 0x74 0x05 0x75 0x06 0x76 0x06 0x78 0x14 0x79 0x14 0x7a 0x14 0x7d 0x06 0x92 0x03 0x20 0x01 0x00 0x45 0x01 0x00 0x48 0x01 0x00 0x5a 0x01 0x00 0x5b 0x01 0x05 0x5e 0x01 0x1a 0x5f 0x01 0x20 0x9d 0x01 0x00 0x47 0x01 0x00 0x5c 0x01 0x64 0x5d 0x01 0x1e 0x97 0x01 0x20 0xf7 0x01 0x3c 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00  .3....X.......d.g.h.j.l.m.o.p..q...r..s\nt.u.v.x.y.z.}... ..E..H..Z..[..^.._. ...G..\.d].... ..<................
15      1        0x1000000000000005  1230954315.000000  1.000000   1.000000   1.000000      1        lapd                4c:42:01:00:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        99      80     0xf8 0x33 0x03 0x80 0x80 0x00 0x4c 0x42 0x01 0x00 0xff 0xff 0x09 0x3f 0x0a 0x04 0x61 0x00 0x0b 0xff 0x0c 0x64 0x62 0x00 0x66 0x00 0x6e 0x06 0x18 0x1f 0x19 0x0a 0x0f 0x14 0x19 0x1e 0x7b 0x0b 0x23 0x14 0x28 0x00 0x04 0x03 0x2a 0x7f 0x2b 0x00 0xfa 0x8f 0x7d 0x33 0x2c 0x1f 0x29 0x5a 0x5a 0x5a 0x87 0x94 0x23 0x28 0x95 0x23 0x28 0x35 0x01 0x00 0x46 0x01 0x00 0x58 0x01 0x40 0xc5 0x01 0x00 0xf2 0x01 0x00 0x08 0x00 0x7b 0x5c 0x01 0x64 0x5d 0x01 0x1e 0x97 0x01 0x20 0xf7 0x01 0x3c 0x00 0x00 0x00 0x00                                                              .3....LB....\t?\n.a....db.f.n....\n....{.#.(...*.+...}3,.)ZZZ..#(.#(5..F..X.@........{\.d].... ..<....
16      1        0x1000000000000004  1230954315.000000  1.000000   0.000000   1.000000      1        lapd                2e:d0:a2:00:ff:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        69      50     0xfa 0x33 0x03 0x80 0x80 0x00 0x2e 0xd0 0xa2 0x00 0xff 0xff 0x69 0x00 0x6b 0x00 0x7e 0x04 0x01 0x7f 0x04 0x02 0x80 0x0f 0x81 0x0a 0x82 0x05 0x83 0x05 0x84 0x0c 0x85 0x14 0x86 0x0f 0x87 0x04 0x88 0x04 0x89 0x02 0x8a 0x02 0x8b 0x02 0x8c 0x01 0x8d 0x40 0x65 0x01 0x00 0x1f 0x29 0x5a 0x5a 0x5a 0x87 0x94 0x23 0x28 0x95 0x23 0x28 0x35 0x01 0x00 0x46                                                                                                                                                                                                                    .3..........i.k.~........\n.......................@e...)ZZZ..#(.#(5..F
17      1        0x1000000000000005  1230954315.000000  0.000000   0.000000   1.000000      1        lapd                58:d1:a1:00:ff:ff  f8:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        111     92     0xf8 0x33 0x03 0x80 0x80 0x00 0x58 0xd1 0xa1 0x00 0xff 0xff 0xd0 0x00 0x64 0x00 0x67 0x00 0x68 0x00 0x6a 0x00 0x6c 0x00 0x6d 0x00 0x6f 0x08 0x70 0x08 0x01 0x71 0x10 0x10 0x10 0x72 0x08 0x02 0x73 0x0a 0x74 0x05 0x75 0x06 0x76 0x06 0x78 0x14 0x79 0x14 0x7a 0x14 0x7d 0x06 0x92 0x03 0x20 0x01 0x00 0x45 0x01 0x00 0x48 0x01 0x00 0x5a 0x01 0x00 0x5b 0x01 0x05 0x5e 0x01 0x1a 0x5f 0x01 0x20 0x9d 0x01 0x00 0x47 0x01 0x00 0x5c 0x01 0x64 0x5d 0x01 0x1e 0x97 0x01 0x20 0xf7 0x01 0x3c 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00  .3....X.......d.g.h.j.l.m.o.p..q...r..s\nt.u.v.x.y.z.}... ..E..H..Z..[..^.._. ...G..\.d].... ..<................
18      1        0x1000000000000004  1230954315.000000  0.000000   0.000000   1.000000      1        lapd                09:24:02:00:00:ff  fa:33:03:80:80:00  0xf0f8          -        -                         -        -                  0        32      13     0xfa 0x33 0x03 0x80 0x80 0x00 0x09 0x24 0x02 0x00 0x00 0xff 0x01 0x00 0x01 0xff 0x67 0x00 0x68 0x00 0x6a 0x00 0x6c 0x00 0x6d 0x00 0x6f 0x08 0x70 0x08 0x01 0x71                                                                                                                                                                                                                                                                                                                                                                                                             .3....\t$........g.h.j.l.m.o.p..q
...
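One way to post-process the hex column, as an added example (not part of the original tutorial or of the Tranalyzer code base): it locates l2HexContent by name in a tab-separated packet file and decodes the LAPD address and control octets following Q.921, with the Abis SAPI names from GSM 08.56. The first two sample rows reuse the leading bytes of packets 1 and 2 above; the other rows, the reduced column set and all function names are constructed for illustration.

```python
from collections import Counter

# Q.921 unnumbered (U) frames, keyed by control octet with the P/F bit (0x10) cleared.
U_FRAMES = {0x03: "UI", 0x0F: "DM", 0x43: "DISC", 0x63: "UA",
            0x6F: "SABME", 0x87: "FRMR", 0xAF: "XID"}
# Q.921 supervisory (S) frames, keyed by the first control octet.
S_FRAMES = {0x01: "RR", 0x05: "RNR", 0x09: "REJ"}
# SAPI assignment on GSM Abis (GSM 08.56); anything else is reported as "other".
ABIS_SAPI = {0: "RSL", 62: "OML", 63: "L2ML"}


def parse_hex_cell(cell, pref="0x", sep=" "):
    """Convert one l2HexContent cell to bytes.
    pref and sep mirror SPKTMD_PCNTH_PREF and SPKTMD_PCNTH_SEP in main.h."""
    frame = bytearray()
    for tok in cell.strip().split(sep):
        if not tok:
            continue
        if not tok.startswith(pref):
            raise ValueError(f"token {tok!r} lacks prefix {pref!r}")
        frame.append(int(tok[len(pref):], 16))
    return bytes(frame)


def decode_lapd(frame):
    """Decode the LAPD address field and control field of one frame."""
    if len(frame) < 3:
        return {"error": "truncated header"}
    addr0, addr1, ctrl = frame[0], frame[1], frame[2]
    # EA bits: 0 in the first address octet, 1 in the second.
    if addr0 & 0x01 or not addr1 & 0x01:
        return {"error": "bad EA bits"}
    sapi = addr0 >> 2
    out = {"sapi": sapi, "sapi_name": ABIS_SAPI.get(sapi, "other"),
           "cr": (addr0 >> 1) & 1, "tei": addr1 >> 1}
    if ctrl & 0x03 == 0x03:            # U format: single control octet
        out.update(type=U_FRAMES.get(ctrl & 0xEF, "U?"), pf=(ctrl >> 4) & 1)
        return out
    if len(frame) < 4:                 # I and S formats need a second octet
        return {"error": "truncated control field"}
    if ctrl & 0x01 == 0:               # I format: N(S) in bits 8..2
        out.update(type="I", ns=ctrl >> 1)
    else:                              # S format
        out["type"] = S_FRAMES.get(ctrl, "S?")
    out.update(nr=frame[3] >> 1, pf=frame[3] & 1)
    return out


def decode_packet_file(text, column="l2HexContent"):
    """Return [(pktNo, decoded)] for every packet row of a T2 packet file."""
    idx, results = None, []
    for line in text.split("\n"):
        fields = line.split("\t")
        if line.startswith("%"):       # header row, e.g. "%pktNo\tflowInd\t..."
            names = [f.strip() for f in fields]
            if column not in names:
                raise ValueError(f"no {column} column: was SPKTMD_PCNTH enabled?")
            idx = names.index(column)
            continue
        if idx is None or not line.strip() or line.startswith("#"):
            continue
        try:
            info = decode_lapd(parse_hex_cell(fields[idx]))
        except (ValueError, IndexError) as exc:
            info = {"error": str(exc)}
        results.append((int(fields[0]), info))
    return results


def link_inventory(results):
    """Count frames per (SAPI name, TEI, frame type); errors are pooled."""
    inv = Counter()
    for _, info in results:
        key = "error" if "error" in info else (
            info["sapi_name"], info["tei"], info["type"])
        inv[key] += 1
    return inv


# Constructed sample: rows 1-2 reuse bytes shown above, rows 3-6 are made up.
SAMPLE = "\n".join("\t".join(r) for r in [
    ("%pktNo", "flowInd", "l2HexContent"),
    ("1", "1", "0xfa 0x33 0x03 0x80 0x80 0x00 0x05 0x63 0x00 0xff 0xff 0xff"),
    ("2", "1", "0xf8 0x33 0x03 0x80 0x80 0x00 0x05 0x64 0x00 0xff 0xff 0xff"),
    ("3", "2", "0x02 0x03 0x04 0x06 0x08 0x01"),   # I frame, N(S)=2, N(R)=3
    ("4", "2", "0x00 0x03 0x7f"),                  # SABME with P=1
    ("5", "1", "0xfa 0x33"),                       # cut off inside the header
    ("6", "2", "0x00 0x03 0x01 0x05"),             # RR, N(R)=2, F=1
])

if __name__ == "__main__":
    decoded = decode_packet_file(SAMPLE)
    for pkt_no, info in decoded:
        print(pkt_no, info)
    print(dict(link_inventory(decoded)))
```

The SAPI 62 / TEI 25 UI frames of flow 1 correspond to the OML link, which matches the 0xf0f8 and 0xf0fa ethType values in the flow file differing only in the C/R bit.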

Conclusion

Don’t forget to reset T2 core for the next tutorial:

t2conf --reset tranalyzer2 && t2build -R

Have fun experimenting.