All Favorites

5G NSA Discovery with LTE PCAPs

You need to prove something involved with networking is actually working. How do you do it? If you said PCAPs then you know how magical the right tool can be to provide proof. Networking engineers and architects have long used tools like Wireshark to prove that packets were doing what they were supposed to be doing. They also use it to prove something else is going on and needs to be fixed. While the name implies wires, Wireshark can be used by wireless engineers to troubleshoot issues as well.

Image: Tom Hollingsworth (c) Gestalt IT

Mark Houtz is an expert when it comes to Private LTE and CBRS. He’s got a great breakdown of using Wireshark to capture 5G packet streams for troubleshooting and other fun things. He also talks about some of the challenges when using these tools in new environments and how to work around potential issues. Here’s an example of his sage wisdom:

The issue comes down to a Wireshark feature called GSMTAP. As talked about here, the issue is that GSMTAP has limits on the size of certain containers. The PCI, ARFCN, and other data used by 5G is too large to fit in the GSMTAP fields. The people who built SCAT and QCSuper are proposing updates to GSMTAP v3 but that hasn’t been ratified yet. LTE only based modems do not have this issue. I haven’t had time to verify if Wireshark 4.0 added support new versions of GSMTAP.

Read on to learn more about what Mark is doing with packet captures here: 5G NSA Discovery with LTE PCAPs

About the author

Tom Hollingsworth

Tom Hollingsworth is a networking professional, blogger, and speaker on advanced technology topics. He is also an organizer for networking and wireless for Tech Field Day.  His blog can be found at

Leave a Comment