Wireshark-dev: Re: [Wireshark-dev] Using port numbers to determine next dissector

From: "Anders Broman" <anders.broman@xxxxxxxxxxxx>
Date: Wed, 8 Apr 2009 10:26:40 +0200
Hi,
http://www.iana.org/assignments/port-numbers
Lists:
gtp-control     2123/tcp   GTP-Control Plane (3GPP)
gtp-control     2123/udp   GTP-Control Plane (3GPP)
gtp-user        2152/tcp   GTP-User Plane (3GPP)
gtp-user        2152/udp   GTP-User Plane (3GPP)

So the dissector looks OK.
Regards
Anders 

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: 8 April 2009 06:46
To: hjazz6@xxxxxxxxx; 'Developer support list for Wireshark'
Subject: Re: [Wireshark-dev] Using port numbers to determine next dissector

>Since it's not correct for the GTP dissector to register for those 
>ports, why register for them then? Is it in case GTPv1 does happen to 
>run over TCP ports 2123 or 2152? But since that is not very likely to 
>happen, would this result in non-GTP traffic running over TCP ports 
>2123 or 2152 to be wrongly dissected as GTP traffic?
Presumably the writer of that piece of code had a reason to add those ports (or made a mistake), and yes, that would interpret any traffic on those TCP ports as GTP, as will the UDP ports if non-GTP traffic is sent on them.
Regards
Anders

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Rayne
Sent: 8 April 2009 02:41
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Using port numbers to determine next dissector


--- On Tue, 4/7/09, Guy Harris <guy@xxxxxxxxxxxx> wrote:

> From: Guy Harris <guy@xxxxxxxxxxxx>
> Subject: Re: [Wireshark-dev] Using port numbers to determine next dissector
> To: "Developer support list for Wireshark" 
> <wireshark-dev@xxxxxxxxxxxxx>
> Date: Tuesday, April 7, 2009, 4:49 PM
> On Apr 7, 2009, at 1:52 AM, Rayne wrote:
> 
> >> Unless there's some flavor of GTP version 1 documented elsewhere
> >> that runs over TCP ports 2123 or 2152, the GTP dissector shouldn't
> >> register for those ports, just for UDP ports 2123 and 2152.
> >
> > ** That's what I thought, but I saw packets classified as GTP with
> > TCP port 2152 listed as their source or destination ports.
> 
> When I said "shouldn't", I meant it in a prescriptive sense, rather 
> than a descriptive sense - unless there's some way in which GTPv1 runs 
> over TCP ports 2123 or 2152, it's not correct for the GTP dissector to 
> register for those ports (that's the prescriptive sense of 
> "shouldn't"), but it *does* register for them ("shouldn't" in the  
> descriptive sense would have meant "the dissector doesn't register for 
> those ports, so there's no way it could be handed those packets").

Since it's not correct for the GTP dissector to register for those ports, why register for them then? Is it in case GTPv1 does happen to run over TCP ports 2123 or 2152? But since that is not very likely to happen, would this result in non-GTP traffic running over TCP ports 2123 or 2152 to be wrongly dissected as GTP traffic?

And Guy, thank you very much for your detailed explanations.


      

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
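
The thread's point that a port-only registration labels any traffic on 2123 or 2152 as GTP can be made concrete with a header plausibility check. The following is an added example, not code from Wireshark or from any poster in this thread: `looks_like_gtpv1` is a hypothetical helper, it assumes the buffer holds exactly one message (as a UDP datagram would), and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GTPV1_HDR_LEN 8u   /* mandatory part: flags, type, length, TEID */

/* Return 1 if buf plausibly holds one GTPv1 message, 0 otherwise.
 * Hypothetical helper for illustration; not a Wireshark API. */
static int looks_like_gtpv1(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < GTPV1_HDR_LEN)
        return 0;
    uint8_t flags = buf[0];
    if ((flags >> 5) != 1)          /* version field must be 1 */
        return 0;
    if ((flags & 0x10) == 0)        /* protocol type bit: 1 = GTP, 0 = GTP' */
        return 0;
    /* The length field counts everything after the mandatory 8 octets. */
    size_t body = ((size_t)buf[2] << 8) | buf[3];
    if (body != len - GTPV1_HDR_LEN)
        return 0;
    /* Any of E, S, PN set means a 4-octet optional block is present. */
    if ((flags & 0x07) != 0 && body < 4)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    static const uint8_t echo_req[] = {   /* GTPv1 Echo Request, S flag set */
        0x32, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x01, 0x00, 0x00 };
    static const uint8_t http[] = "GET / HTTP/1.1\r\n";

    printf("echo request: %d\n", looks_like_gtpv1(echo_req, sizeof echo_req));
    printf("http text:    %d\n", looks_like_gtpv1(http, sizeof http - 1));
    return 0;
}
```

A check like this only reduces false positives; arbitrary payloads can still pass it by coincidence, so a GTP label derived from the port number alone should not be treated as proof of the protocol.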