Wireshark-dev: Re: [Wireshark-dev] Need Help of on IPV4
From: Gianluca Verin <[email protected]>
Date: Fri, 07 Aug 2009 09:57:35 +0200

The capture you posted shows a SIP signaling message between a mobile
and a SIP entity with the mobile SIP client getting a 401 unathorized
message. The message was probably captured on a 3GPP mobile network,
either on the Iu or the Gn interface if you are using 3G-UMTS, or on the
S1-U or S5 if you are playing with LTE. Let's assume was captured the Gn
interface (between SGSN and GGSN). In that case the lower level IPv4
contains the source addresses of the GGSN ( and SGSN
(, while the higher level IP, on top of GTP, contains the
addresses of the mobile SIP client ( and the SIP server
( In 3GPP networks the two IP level are called transport
level and user level. Wireshark correctly displays the information on
the user level which is supposed to be more relevant to you as it shows
the traffic exchange between a mobile-client and a server.



On Wed, 2009-08-05 at 22:50 -0700, tulip neo wrote:
> Hi List,
> Good Morning.
> I have bit confusion in IPV4 addressing.In the attached capture u
> would find the data goes through
> ethernet->IPV4->UDP->GTP->IPV4->UDP->SIP.so IPv4 is at top of ethernet
> as well GTP.IPV4 on top of ethernet has source and destination address
> as follows:
> and
> and IPV4 at top of GTP has source and dest address as follows:
> and
> First source and destination address sensed by wireshark is
> and but why in source and destination
> column the latter is displayed.
> Any pointer or help this would be of great help.Does it conceptulay
> vallid to show the latter or just wireshark works that way.
> Br
> tulip
> ______________________________________________________________________
> Love Cricket? Check out live scores, photos, video highlights and
> more. Click here.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:[email protected]?subject=unsubscribe