While running my GPON SFP stick, I noticed that viewing the OMCI log is very time-consuming. The log has many messages, and each of them contains a lot of information that needs to be decoded. I decided to make my work easier and dump the logs into Wireshark to analyze the flow of OMCI messages.
OMCI is the ITU-T G.988 Recommendation for the management and control of ONUs. The latest public version of this document is available on the ITU website:
https://www.itu.int/rec/T-REC-G.988/en
Page 475 of the 11/17 version of the document lists all Managed Entity (ME) identifiers. This information will be useful later when viewing messages in Wireshark.
Work on omci-wireshark-dissector, the most popular software used for OMCI decoding, started about 10 years ago. The original repository is still on Google Code: https://code.google.com/archive/p/omci-wireshark-dissector/
Fortunately for us, omci-dissector plugins are now part of the Wireshark plugin repository. The latest available version from 2014 is 14-3-13-r11. https://wiki.wireshark.org/Contrib#Protocol_Dissectors
I recommend using omci.lua from my repository, as I have started updating this file with the missing MEs.
Detailed instructions for RTL9601CI V2801F, RTL9601D DFP-34X-2C2 or BCM68380 Broadcom devices can be found at the bottom of the page.
- After Wireshark is installed, go to Help, About Wireshark, Folders and locate your plugins folder. My global folder is /usr/lib64/wireshark/plugins and my personal one is /home/user/.local/lib/wireshark/plugins
- Copy the omci.lua and BinDecHex.lua files to one of the plugin folders.
- Use the provided omci-example.pcap from wiki.wireshark.org to test your installation.
Each message is 48 bytes long, ending with a CRC32 based on the AAL5 algorithm implementation. Calculating CRC32 for OMCI
00 00 10 0A 00 0B 04 01 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 28 65 1A D0 4F
00 00 10 0A 00 0B 04 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 28 17 26 76 71
For Wireshark to import these packets from a hex dump, each byte must be separated by a space and each line must begin with a start offset (000000).
cat omcilog | sed -e 's/^/000000 /' > omci.hex
The same OMCI messages after conversion:
000000 00 00 10 0A 00 0B 04 01 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 28 65 1A D0 4F
000000 00 00 10 0A 00 0B 04 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 28 17 26 76 71
To open the omci.hex file in Wireshark select:
File -> Import from Hex Dump
Encapsulation Type -> Ethernet
set Ethernet -> Ethertype (hex): 88b5
Import
To build a pcap file directly, each message needs three additional elements in front of it. Start with the original omcilog file.
Destination Address + Source Address + Ethertype
20:52:45:43:56:00 20:53:45:4e:44:00 88 b5
cat omcilog | sed '{s/^/20 52 45 43 56 00 20 53 45 4e 44 00 88 b5 /g;s/^/000000 /}' > omci.pcp
text2pcap omci.pcp omci.pcap
The text2pcap program is part of the Wireshark installation. It loads an ASCII hexadecimal dump and writes the data to a pcap file.
Then just double-click on the pcap file.
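The sed one-liner above prepends the header to every line of omcilog, so a truncated message or a stray console line ends up as a bogus frame in the capture. The following is an added example, not part of the original post: it does the same conversion but keeps only lines that are exactly 48 hex bytes and reports the rest on stderr. The function name omci_to_hexdump and the script name omci2hex.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): build text2pcap input from an
# OMCI log, keeping only lines that are exactly 48 hex bytes.

# Fake Ethernet header used on this page: dst MAC, src MAC, Ethertype 0x88b5.
ETH_HDR="20 52 45 43 56 00 20 53 45 4e 44 00 88 b5"

# omci_to_hexdump FILE...   (hypothetical function name)
# stdout: one "000000 <header> <48 bytes>" line per valid message
# stderr: line numbers of everything that was skipped
omci_to_hexdump() {
    awk -v hdr="$ETH_HDR" '
    {
        sub(/\r$/, "")                  # tolerate CRLF line endings
        if (NF != 48) { skip(); next }  # an OMCI message here is 48 bytes
        msg = ""
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) { skip(); next }
            msg = msg " " $i
        }
        print "000000 " hdr msg
    }
    function skip() {
        printf "skipped line %d (not 48 hex bytes)\n", NR > "/dev/stderr"
    }
    ' "$@"
}

# With file arguments, use it in place of the sed one-liner:
#   sh omci2hex.sh omcilog > omci.pcp && text2pcap omci.pcp omci.pcap
if [ "$#" -gt 0 ]; then
    omci_to_hexdump "$@"
fi
```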