Ethereal-dev: [Ethereal-dev] Tethereal - colinfo protocolinfo displays only one value in versi

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "März, Frank" <Frank.Maerz@xxxxxxxxxxx>
Date: Tue, 29 Mar 2005 14:07:46 +0200
Hello tethereal expert,
 
I am using tethereal to generate text reports on GTP traffic. I filter the data and write the information into one file. Starting with version 0.10.10 I run into a problem with the "-z" option in tethereal. I write each packet on one line and would like the information for the MSISDN, APN and IMSI to be displayed as well. Therefore I've been using the syntax:
 
tethereal -i eth2 -n -l -R "(gtp.message == 0x10 or gtp.message == 0x11) or (gtp.apn or gtp.msisdn or gtp.imsi)" -t ad
-z proto,colinfo,ip,gtp.imsi -z proto,colinfo,ip,gtp.apn -z proto,colinfo,ip,gtp.msisdn
 
Up to version 0.10.9 I had not had any problems. The following problem is happening on my machines now. I use Fedora 1,2,3 on different hardware and have the same problem.
 
Only ONE colinfo gets displayed. No matter how many values I describe in the command, only the last gets displayed. Before the new version this was no issue at all.
 
I even took a recorded file (0.10.10) and copied it to a 0.10.9 and there the problem does not occur.
 
The output I used to get was:
 
DATE   TIME   SRC_IP   DES_IP   GTP   GTP_TYPE   GTP_IMSI   GTP_MSISDN   GTP_APN
 
Now I am getting only:
 
DATE   TIME   SRC_IP   DES_IP   GTP   GTP_TYPE  plus the last colinfo I specify.
 
 
[root@hpsr08 root]# uname -a
Linux hpsr08 2.6.6-1.435.2.3smp #1 SMP Thu Jul 1 08:36:21 EDT 2004 i686 i686 i386 GNU/Linux

[root@hpsr08 root]# tethereal -v
tethereal 0.10.10
Compiled with GLib 2.4.0, with libpcap 0.8.3, with libz 1.2.1.1,
without libpcre, without UCD-SNMP or Net-SNMP, without ADNS.
NOTE: this build doesn't support the "matches" operator for Ethereal filter
syntax.
Running with libpcap version 0.8.3 on Linux 2.6.6-1.435.2.3smp.

[root@hpsr08 root]# /usr/local/bin/tethereal -i eth2 -n -l -R "(gtp.message == 0x10 or gtp.message == 0x11) or (gtp.apn or gtp.msisdn or       gtp.imsi)" -t ad -z proto,colinfo,ip,gtp.imsi -z proto,colinfo,ip,gtp.msisdn -z proto,colinfo,ip,gtp.apn

Warning:  Couldn't obtain netmask info (eth2: no IPv4 address assigned).
Capturing on eth2

2005-03-29 13:31:05.241443 193.254.142.242 -> 66.102.184.193 GTP Create PDP context request  gtp.apn == "wap.cingular"
2005-03-29 13:31:05.332887 193.254.144.147 -> 62.180.77.4  GTP Create PDP context request  gtp.apn == "pwap.interkom.de"
2005-03-29 13:31:05.398349 193.254.142.244 -> 62.180.77.4  GTP Create PDP context request  gtp.apn == "pwap.interkom.de"
2005-03-29 13:31:05.500037 193.254.144.127 -> 213.162.74.1 GTP Create PDP context response
2005-03-29 13:31:07.760933 193.254.142.245 -> 62.180.77.68 GTP Create PDP context request  gtp.apn == "internet"
2005-03-29 13:31:08.258136 193.254.143.244 -> 82.113.117.193 GTP Create PDP context request  gtp.apn == "wap.viaginterkom.de"
2005-03-29 13:31:08.849907 193.254.143.245 -> 217.200.176.129 GTP Create PDP context request  gtp.apn == "wap.tim.it"
2005-03-29 13:31:10.399354 193.254.144.62 -> 193.109.210.2 GTP Create PDP context response
2005-03-29 13:31:10.664570 193.254.144.127 -> 80.27.127.20 GTP Create PDP context response
2005-03-29 13:31:11.876096 193.254.142.244 -> 82.113.117.193 GTP Create PDP context request  gtp.apn == "wap.viaginterkom.de"


[root@hpsr08 root]# /usr/local/bin/tethereal -i eth2 -n -l -R "(gtp.message == 0x10 or gtp.message == 0x11) or (gtp.apn or gtp.msisdn or gtp.imsi)" -t ad -z proto,colinfo,ip,gtp.imsi  -z proto,colinfo,ip,gtp.apn -z proto,colinfo,ip,gtp.msisdn
Warning:  Couldn't obtain netmask info (eth2: no IPv4 address assigned).
Capturing on eth2
2005-03-29 13:31:22.210034 193.254.140.241 -> 62.180.77.68 GTP Create PDP context request  gtp.msisdn == "+493799740015"
2005-03-29 13:31:22.402168 193.254.144.62 -> 217.200.177.35 GTP Create PDP context response
2005-03-29 13:31:23.270027 193.254.140.246 -> 209.183.43.21 GTP Create PDP context request  gtp.msisdn == "+13356068528"
2005-03-29 13:31:23.929503 193.254.142.243 -> 194.251.187.41 GTP Create PDP context request  gtp.msisdn == "+353405600695"
2005-03-29 13:31:26.234386 193.254.140.241 -> 62.180.77.68 GTP Create PDP context request  gtp.msisdn == "+491499740015"
2005-03-29 13:31:26.351305 193.254.144.146 -> 62.180.77.3  GTP Create PDP context request  gtp.msisdn == "+4915626429771"
2005-03-29 13:31:26.397277 193.254.144.147 -> 62.180.77.68 GTP Create PDP context request  gtp.msisdn == "+4912624608706"
2005-03-29 13:31:27.324226 193.254.144.190 -> 80.27.126.79 GTP Create PDP context response

 

Could anybody please look into the issue? I think the issue is not just with GTP but with any other protocol, too.
 

 
Best regards,
 
Frank Maerz