Wireshark-dev: [Wireshark-dev] GPRS Conversation

From: Rick Bywater <rbywater@xxxxxxxxxx>
Date: Fri, 17 Sep 2010 16:41:11 -0400
I have been looking into writing code to handle GPRS conversations, but do not know how to proceed. The existing conversation code is address/port based. In GPRS, conversations between the GSN and mobile equipment are identified by their TLLI, not the address:port which is delivering the traffic. To complicate matters, the TLLI changes over time. I noted an exchange on wireshark-dev (http://www.wireshark.org/lists/wireshark-dev/200906/msg00315.html) which describes a similar situation with one notable exception - mobility. I see no means to track a mobile device across existing BSS-GSN "conversations."

This problem exists in other cases besides GSM, as well. Suppose you have a device, D, access points AP1, AP2, and AP3, and a mobile device, MD1. A Wireshark trace would show conversations between D and AP1, D and AP2, and D and AP2, and (potentially) 3 conversations between D and MD1 as MD1 moved between the three access points. However, there is no mechanism to tie these together.

Anyone have a suggestion on how to resolve this?

Regards,

Rick Bywater