How to identify NFs in Wireshark

Hi!

I’ve installed Free5GC and I’ve also run the tests and they worked fine except for a couple of them, but I don’t need those functionalities for what I’m working on.

I’m running it on one virtual machine and I’m trying to identify the messages that each NF sends to each other with Wireshark (the call flow). However, when doing so, I will capture the next packages:

Since the IPs and the ports are all the same, I can’t really figure out any information about who sent the package to who, so I was wondering if you could help me out as I need to identify the call flows of the different tests.

Regards and thanks in advance!

The service ports of the NFs are different. You can check them in the config of each NF.

For decoding HTTP2, please refer to our wiki.

If you need to see the call flow, you can try the 5G Trace Visualizer tool.

Thank you for the answer, I still have an issue though:

I’ve tried following the steps on the wiki in order to decode the http2 messages, however all my XXFsslkey.log are empty files during the test execution and also after it finishes. I’ve checked and new XXFsslkey.log are created after each test execution, however they are completely empty. I’ve added amfsslkey.log to Wireshark just in case and it didn’t make any difference, when filtering for http2 packages the list is empty (it was empty as well before adding the log). What else can I do to see the service ports and therefore identify the communication that happens between each NF?

Also, one more doubt: I can only add the key.log of one NF to Wireshark, so I’m guessing I would only be able to see the packages in which that NF was involved. How could I see every HTTP2 package so every NF involved has a package displayed?

Regards and thanks again for the answer!

I was using free5gc 3.0.3. I’ve updated to the latest stable version (3.0.4) and still the XXFsslkey.log are empty files after doing the tests, so I can’t capture or decode http2 packages.

I was wondering if, while doing the tests, there would be a way to change the IP address of the NFs so each NF has a different IP and therefore I can identify the 2 NFs involved in each package captured.

Hi,

We have updated our wiki to show how to decode H2C (HTTP2 without TLS). You can check the config file to verify which scheme your SBI is using. If your SBI is not using https, the sslkey file will remain empty because you are not using TLS over HTTP2.

You can also check and modify the config file to change the SBI’s binding IP.
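
The config check described in the replies above, as an added example that is not part of the thread or of the free5GC project: it reads the `sbi` block of each NF config, builds a map from (binding IP, port) to NF name, and uses it to name the NF whose SBI listener is one end of a captured packet. The key names `scheme`, `bindingIPv4` and `port`, and every address, port and packet below, are assumptions constructed for illustration.

```python
import re

# Constructed sample data: the sbi key names and all configs, addresses, ports
# and packets below are assumptions for illustration, not values from the thread.
CONFIGS = {
    "AMF": "configuration:\n  sbi:\n    scheme: http\n    bindingIPv4: 127.0.0.1\n    port: 29518\n  other: x\n",
    "SMF": "configuration:\n  sbi:\n    scheme: http\n    bindingIPv4: 127.0.0.1\n    port: 29502 # SBI port\n",
    "NRF": "configuration:\n  sbi:\n    scheme: https\n    bindingIPv4: 127.0.0.1\n    port: 29510\n",
}

def parse_sbi(text):
    """Return the scalar settings directly under the `sbi:` block."""
    sbi, indent = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\s*)(\w+):\s*(.*)$", line)
        if not m:
            continue
        depth, key = len(m.group(1)), m.group(2)
        value = m.group(3).split("#")[0].strip()  # drop inline comments
        if indent is None:
            if key == "sbi" and not value:
                indent = depth
        elif depth <= indent:
            break  # left the sbi block
        else:
            sbi[key] = value
    return sbi

def build_endpoints(configs):
    """Map (binding IP, port) -> (NF name, scheme)."""
    parsed = {nf: parse_sbi(text) for nf, text in configs.items()}
    return {(s["bindingIPv4"], int(s["port"])): (nf, s["scheme"]) for nf, s in parsed.items()}

def label_packet(endpoints, src, dst):
    """Name the NF whose SBI listener is one end of the packet."""
    for role, peer in (("request to", dst), ("response from", src)):
        if peer in endpoints:
            return (role,) + endpoints[peer]
    return ("unknown", None, None)  # neither side is a configured SBI port

def decode_hint(scheme):  # http = H2C, no TLS, so the key log stays empty
    return {"http": "decode as H2C", "https": "load TLS key log"}.get(scheme, "n/a")

if __name__ == "__main__":
    eps = build_endpoints(CONFIGS)
    for src, dst in [(("127.0.0.1", 41234), ("127.0.0.1", 29502)),
                     (("127.0.0.1", 29510), ("127.0.0.1", 52110))]:
        role, nf, scheme = label_packet(eps, src, dst)
        print(src, "->", dst, role, nf, decode_hint(scheme))
```

The port only identifies the NF that is listening; the other end of the connection uses an ephemeral port, so it does not appear in the map.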