31371n @ 11 @ elev1n @ SS7 signal units @ constant @ h1tman @ elevation h1tman@anti-social.com 1. Introduction 2. Explaination of Signal Units 3. Functions of the different Siganl Units 4. Signal Unit Structure 5. Message Signal Unit Structure 6. Link Status Signal Unit Structure 7. Fill-In Signal Unit Structure 8. Appendix 9. Closing 1.Introduction In my last article, i briefly went over the functions of the three signal units Message Signal Units (MSUs),Link Status Signal Units (LSSUs) and Fill-In Signal Units (FISUs). In this paper i will hope to give you more information on these 'packets of the signaling link' so that you can have a broader understanding of how the SS7 network works and communicates with it's components. 2.Explaination of Siganl Units Signal Units (SUs) are packets of data that are sent over the signaling links of a SS7 network. These messages contain needed signalling information such as the destination switch, sending switch, the calling number,called number,selected trunk,etc. Signal Units are used to setup call control and tear down, provide error checking by monitering the link constantly. Basically, it helps manage a SS7 network. 3.Functions of the different Siganl Units FISUS, or Fill-In Signal Units are sent when no important information is being transmitted over the siganl link. They contain no data,they fill up the signalling link until there is a need to send important signalling. They provide a constant signal over the link which is good for monitering and troubleshooting. LSSUs or Link Status Signal Units provide information on the status of the signal link.They signal the initiation of link alignment, the quality of received signaling traffic and the status of processors at either end of the link between the node. MSUs are Message Signall Units, they send messgases between SSPs and STPS and STPs and SCPs. MSUs conatain routing information,trunk data,etc. They control call setups and tear downs and database queries and responses(800 nums,etc) There are several types of MSUs... IAM - Initial Address Message- Used to begin the call. It identifies the sending switch,the recieving switch,the trunk selected, the calling and called numbers, and other information. ACM - Address Complete Message- indicates that the IAM has been recieved. The message identifies the recipient switch, the sending switch ,and the selected trunk. ANM - Answer Message- Is sent when the called person picks up his phone. It tells the trunk to open itself in both directions. REL - Release Message- is sent to tell that one of the calling subcriber has hung up. It also identifies the trunk used for the call. RLC - Release Complete Message- This identifies the trunk used to carry the call and to idlethat trunk. 4.Signal Unit Structure Flag A flag marks the beginning of a signal unit and end of a previous signal unit (if there was one). The flag's binary value is 01111110. MTP Level 2 adds a zero-bit(0) after any sequence of of five one-bits(11111) to remove false flags. After the the message is recieved and the flag removed, MTP Level 2 then removes the 0's so that the original message is restored. Bit manipulation like this is used to prevent data being transmitted over the signalling link containing the flag's binary value. Checksum (CRC) The checksum is an 8-bit (octect) number that verifies that the Signal Unit has been transmitted across the link error free. The checksum is calculated from the transmitted message by the signalling point and then inserted into the message. The checksum is recalculated by the signaling point when the message is received. If the result is different from the recieved checksum,then a retransmission is requested due to the corruption of the SU. Length Indicator The length indicator (LI) shows the number of octets between itself and the checksum. It checks the condition of the SU and to determine what type of SU is being transmitted. A FISU has a length indicator of 0, a LSSU has the lenght indicator of 1 or 2, and a MSU has a length indicator of 3 to 63. If the value is less than 63,than the LI will store that number that number. Yet if the value is greater than 63,then the LI will set the value to 63. Meaning, any MSU with value in the length indicator greater than 63 (ex; 65),the value 63 will be used. BSN/BIB FSN/FIB The Backwards Sequence Number (BSN), Backwards Indicator Bit (BIB), Forward Sequence Number (FSN), and Forward Indicator Bit (FIB) are used to confirm that a signal unit was received and recieved in the correct order transmitted. The BSN is used to confirm that a signal unit was received by the signaling point and contains the sequence number of the SU being acknowledged. The FSN contains the sequence number of the signal unit.The BIB and FIB are used to check for data corruption of the SU and to request retramission. Subservice Field The subservice field contains the network indicator and the message priority. The network indicator indicates whether the the message is for national or international networks. Message priority is only used during certain congestion conditions. Service Indicator The service indicator denotes the MTP user, which allows the decoding of the information contained in the SIF. Signaling Network Management is 0, Maintenance Regular Message is 1, Maintenance Special Message is 2, Signaling Connection Control Part is 3, Telephone User Part is 4, ISDN User Part is 5, Data User Part for call and circuit related is 6, and Data User Part for facility registration is 7. Two bits of the SIO are used to determine whether it is for national or international networks and two bits are used for message priority. The lowest priority is 0 and the highest priority is 3. However, priority is only used during certain congestion condtions. Also note that FISUs and LSSUs do not contain a SIO and that the SIO field in an MSU contains the 4-bit subservice field followed by the 4-bit service indicator. +--------------------+-----------------------------------------------+ | Service Indicator | MTP User | |--------------------|-----------------------------------------------| | 0 | Signaling Network Management Message (SNM) | |--------------------|-----------------------------------------------| | 1 | Maintenance Regular Message (MTN) | |--------------------|-----------------------------------------------| | 2 | Maintenance Special Message (MTNS) | |--------------------|-----------------------------------------------| | 3 | Signaling Connection Control Part (SCCP) | |--------------------|-----------------------------------------------| | 4 | Telephone USer Part (TUP) | |--------------------|-----------------------------------------------| | 5 | ISDN User Part (ISUP) | |--------------------------------------------------------------------| | 6 | Data User Part (call and circuit) | |--------------------------------------------------------------------| | 7 | Data User Part (facility registration) | +--------------------+-----------------------------------------------+ SIF The Signaling Information Field is used for routing information. The routing label is the first section of the Signaling Information Field of a Signal Unit. It identifies the origination point, the destination point, and the signaling link selection. Point codes are numeric addresses which uniquely identifies each signaling point of a SS7 network. The signaling link selection is used to distribute message traffic over different links. The Destination Point Code (DPC) contains the address of the node to which the message is to be sent to. The Originating Point Code (OPC) contains the address of the message originator. The Signaling Link Selection (SLS) distributes the data across different links. SLS The SLS (Signaling Link Selection) is used to verify message sequencing. If any two messages are transmitted with the same SLS,they will arrive at the destination in the same order they were origianlly sent. SLS also allows equal load sharing of traffic among all available links,which theoritically equals the traffic level among all links to that destination. 5.Message Signal Unit Structure +---------+-------+--+---------+--+-----+-----+-------+--------+-------+---------+ | | | B| |F | | | | | | | | Flag | BSN | I| FSN |I | LI |Spare| SIO | SIF | CRC | Flag | | | | B| |B | | | | | | | +---------+-------+--+---------+--+-----+-----+-------+--------+-------+---------+ Length 8 7 1 7 1 6 2 8 8n 16 8 (bits) n<=272 Message Signal Units (MSUs),unlike FISUs and LSSUs have a SIO and a SIF.They need the SIF to hold the call control,database queries and responses and other data. The MSUs have a SIO to determine where the message will be sent (national or international) and what user type is being used. 6.Link Status Signal Unit Structure +---------+-------+--+---------+--+-----+-----+-------+--------+---------+ | | | B| |F | | | | | | | Flag | BSN | I| FSN |I | LI |Spare|Status | CRC | Flag | | | | B| |B | | | | | | +---------+-------+--+---------+--+-----+-----+-------+--------+---------+ Length 8 7 1 7 1 6 2 8/16 16 8 (bits) Link Status Signal Units (LSSUs) carry one or two octets (8-bit bytes) of link status information between signaling points at either end of a link. The link status is used to indicate the status of a signaling point to the remote signaling point. 7.Fill-In Signal Unit Structure +---------+-------+--+---------+--+-----+-----+-------+---------+ | | | B| |F | | | | | | Flag | BSN | I| FSN |I | LI |Spare| CRC | Flag | | | | B| |B | | | | | +---------+-------+--+---------+--+-----+-----+-------+---------+ Length 8 7 1 7 1 6 2 16 8 (bits) Unlike LSSUs and MSUs, FISUs can travel a link in both directions. This is good for network managment because it checks the quality of a link. The FISU is used to fill up the link until a MSU or LSSU is present. 8.Appendix ACM Address Complete Message ANM Answer Message BIB Backward Indicator Bit BSN Backward Sequence Number CRC Cyclic Redundancy Check DPC Destination Point Code FIB Forward Indicator Bit FISU Fill in Signal Unit FSN Forward Sequence Number IAM Initial Address Message LI Length Indicator LSSU Link Status Signal Unit MSU Message Signal Unit MTP Message Transfer Part OPC Originating Point Code REL Release Message RCL Release Complete Message SCCP Signaling Connection Control Part SCP Signal Control Point SIF Signaling Information Field SIO Service Information Octet SLS Signaling Link Selection SS7 Signaling System 7 SSP Signal Switching Point STP Signal Transfer Point SU Signal Unit 9.Closing Thatz it. Hopefully ya newbie phreaks are learning something about telecommunications and how calling your phriend is really made possible. Like last time, i really hope you go out and buy some books on SS7 and ISDN,the books explain it in much more detail then i ever could(even though the books cost ($70-100)). I want feedback too,aight? Keep your beef to a minimum though kid. -h1tman aka tah murdah werd to nulltone,lupus,simon,teflon,loopHole,alienbinary,digiphreq,hybrid,substance... and...seti? idle_TRUNK BBS(973) fewls.jo0 betta recognize%#$^