ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-users: Re: [Wireshark-users] transparent GTP-'detunneling' in wireshark

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Wortley, Juan (NSN - AR/Cordoba)" <juan.wortley@xxxxxxx>
Date: Mon, 24 Nov 2008 06:10:45 -0600
Hi Ariel,
No particular filter is required. When you apply a filter to a GTP
capture, that filter will try to match transport IP for GTP, and also
encapsulated IP inside GTP.

For instance, if you filter out by using "ip.addr==10.1.1.1" then WS
will apply the filter to transport IP (lowest IP layer) and also to
transported IP (upper layer):

UDP/TCP
-------
IP      <----- Filter tries to match "10.1.1.1" here
-------
GTP
-------
UDP
-------
IP      <----- Filter tries to match "10.1.1.1" here too


BR,
Juan



>-----Original Message-----
>From: ext Ariel Burbaickij [mailto:ariel.burbaickij@xxxxxxxxx] 
>Sent: Saturday, November 22, 2008 8:51 AM
>To: Community support list for Wireshark; Wortley, Juan (NSN - 
>AR/Cordoba)
>Subject: Re: [Wireshark-users] transparent GTP-'detunneling' 
>in wireshark
>
>Sorry, for late response, Juan,
>I did not quite get what filter do you mean hat can be applied 
>in the latest version of WS?
>
>
>/wbr
>Ariel Burbaickij
>
>
>On Sun, Oct 19, 2008 at 10:36 PM, Wortley, Juan (NSN - 
>AR/Cordoba) <juan.wortley@xxxxxxx> wrote:
>> Hi,
>> At least with latests versions of WS when you apply a filter it 
>> matches the criteria with "external" (GTP) and "internal" 
>> (encapsulated) protocols.
>> BR,
>> Juan
>>
>>>-----Original Message-----
>>>From: wireshark-users-bounces@xxxxxxxxxxxxx
>>>[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of 
>ext Ariel 
>>>Burbaickij
>>>Sent: Friday, October 17, 2008 9:40 AM
>>>To: Community support list for Wireshark
>>>Subject: [Wireshark-users] transparent GTP-'detunneling' in wireshark
>>>
>>>Hello community,
>>>is it possible to ssomehow 'de-tunnel' GTP traffic, so that read 
>>>filters can be naturally applied to the traffic tunneled inside GTP?
>>>
>>>/wbr
>>>Ariel Burbaickij
>>>_______________________________________________
>>>Wireshark-users mailing list
>>>Wireshark-users@xxxxxxxxxxxxx
>>>https://wireshark.org/mailman/listinfo/wireshark-users
>>>
>> _______________________________________________
>> Wireshark-users mailing list
>> Wireshark-users@xxxxxxxxxxxxx
>> https://wireshark.org/mailman/listinfo/wireshark-users
>>
>
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube