mon2pcap is a program for converting Cisco's StarOS "monitor subscriber" or "monitor protocol" text-based packet captures to PCAP.
This program will work only if the PDU Hexdump switch (X or A) is enabled.
This program comes with no guarantees whatsoever.
The hexdump in the monsub does NOT represent a full packet, hence the layers had to be generated so that Wireshark and other tools working with the pcap file format can dissect the packets properly.
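The layer generation described above, as an added example that is not mon2pcap's own code: a bare PDU recovered from a hexdump is wrapped in synthesized Ethernet/IPv4/UDP headers and written as a classic pcap record. The dump layout, addresses, ports and function names are assumptions made for this illustration.

```python
import ipaddress
import struct

# Constructed sample: a GTPv2-C Echo Request as an "offset + hex groups" dump.
# The dump layout is an assumption for this example, not copied from StarOS output.
SAMPLE_DUMP = """
0x0000 4001 0009 0000 0100
0x0008 0300 0100 05
"""

def parse_hexdump(text: str) -> bytes:
    """Concatenate the hex groups that follow each 0x-prefixed offset."""
    data = bytearray()
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("0x"):
            data += bytes.fromhex("".join(fields[1:]))
    return bytes(data)

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def wrap_udp(payload: bytes, src: str, dst: str, sport: int, dport: int) -> bytes:
    """Synthesize Ethernet/IPv4/UDP headers around a bare application PDU."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)  # checksum 0: not computed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = bytes(12) + b"\x08\x00"  # zeroed placeholder MACs, EtherType IPv4
    return eth + ip + udp + payload

def write_pcap(path: str, frames) -> None:
    """Write (timestamp, frame) pairs as a classic little-endian pcap file."""
    with open(path, "wb") as f:
        # magic, version 2.4, thiszone, sigfigs, snaplen, LINKTYPE_ETHERNET (1)
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for ts, frame in frames:
            sec = int(ts)
            f.write(struct.pack("<IIII", sec, int((ts - sec) * 1e6), len(frame), len(frame)))
            f.write(frame)

if __name__ == "__main__":
    pdu = parse_hexdump(SAMPLE_DUMP)
    frame = wrap_udp(pdu, "192.0.2.1", "192.0.2.2", 2123, 2123)  # documentation addresses
    write_pcap("example.pcap", [(0.0, frame)])
```

Because the MAC addresses, IP ID and TTL are invented by the converter, only the payload and the addressing taken from the capture text should be treated as evidence when analysing the resulting file.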
- Python 3.8.1 or newer
  ⚠️ Installers usually ask to add Python to PATH; do it now and you will avoid headaches later.
- pip - The Python Package Installer
- mon2pcap installation:
$ pip install mon2pcap
$ mon2pcap --help
usage: mon2pcap [-h] -i <infile> [-o <outfile>]
                [-e {GTPC,GTPCv2,GTPU,RADIUS,USERL3,USERL3_IPV6,CSS,DIAMETER,RANAP...}]
                [-s] [-v] [-d]

Convert StarOS "monitor subscriber" or "monitor protocol" ASCII dump to PCAP

options:
  -h, --help            show this help message and exit
  -i <infile>, --input <infile>
                        input file
  -o <outfile>, --output <outfile>
                        output file
  -e {GTPC,GTPCv2,GTPU,RADIUS,USERL3,USERL3_IPV6,CSS,DIAMETER,RANAP...}
                        exclude one or more protocols
  -s, --skip-malformed  Skip malformed packets
  -v, --version         show program's version number and exit
  -d, --debug           debug level logging

$ mon2pcap -i test_mon_sub.txt
100%|██████████████████████████████████████████████████████| 1746/1746 [00:00<00:00, 237876.14 lines/s]
PCAP generated at "test_mon_sub.pcap"
Found #14 valid packets
========================
GTPC : 4
DIAMETER : 4
PFCP : 4
GTPP : 2
Ignored : 4
SPGW/GGSN/SAEGW:
- GTPC (24): ON by default
- EGTPC (74): ON by default
- Radius Auth (13): ON by default
- Radius Acct (14): ON by default
- EC Diameter (36): ON by default
- GTPU (26): OFF by default
- User L3 (19): OFF by default
- CSS Data (34): OFF by default
- IPSec IKEv2 (40): OFF by default
- DNS Client (70): OFF by default
- L2TP (21): ON by default
- Radius COA (31): OFF by default
- DHCP (28): OFF by default
- L3 Tunnel (33): OFF by default (tested with GRE)
- PFCP (49): ON by default
- GTPP (27): ON by default
- LMISF (39): OFF by default

MME/SGSN:
- GTPC (24): ON by default
- S1AP (81): ON by default
- DIAMETER (36): ON by default
- RANAP (56): OFF by default
- BSSGP (59): OFF by default
- TCAP (54): OFF by default
- SCCP (53): OFF by default
- SLS (94): ON by default
- SCTP (51): OFF by default