Wireshark-users: [Wireshark-users] GTP headers

From: Rayne <hjazz6@xxxxxxxxx>
Date: Sun, 29 Mar 2009 21:20:49 -0700 (PDT)
Hi all,

I noticed that when parsing GTP packets, when the version field value in the GTP header is not zero, regardless of the Protocol Type field, the packet appears to be treated as a GTPv1 packet, i.e. it shows flags bits for "Extension Header present" etc. I've come across GTP packets where the version field value is 7 (I don't know how this happened, I thought valid values were 0, 1 and 2), the Protocol Type is 0, meaning it should be a GTP' packet, and Wireshark shows the Extension Header present bit, Reserved BIT (should have been 3 bits for a GTP' packet), and N-PDU bit present, as if it was a GTPv1 packet.

Does Wireshark only use the version field to determine the type of GTP packet, i.e. GTP or GTP'?

Thank you.
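
The header check the post asks about, as an added example that is not part of the original message and is not Wireshark's dissector code: it picks the flag layout from both the version field and the Protocol Type bit, and refuses to decode flags when the version is outside 0 to 2. The bit positions follow the layout described in the post; the names `gtp_classify`, `gtp_kind` and `gtp_flags` are hypothetical, the rule that only versions 0, 1 and 2 are valid is the poster's assumption, and the sample octets are constructed.

```c
#include <stdint.h>
#include <stdio.h>

enum gtp_kind { GTP_INVALID_VERSION, GTP_PRIME, GTP_V0, GTP_V1, GTP_V2 };

struct gtp_flags {
    uint8_t version;   /* top three bits of the first header octet */
    uint8_t pt;        /* Protocol Type bit: 1 = GTP, 0 = GTP' (versions 0, 1) */
    uint8_t reserved;  /* GTP': three reserved bits; GTPv1: one reserved bit */
    uint8_t e, s, pn;  /* GTPv1 only: extension header, sequence, N-PDU flags */
};

/* Classify the first octet using BOTH the version and the PT bit. */
enum gtp_kind gtp_classify(uint8_t octet, struct gtp_flags *f)
{
    f->version = octet >> 5;
    f->pt = (octet >> 4) & 1;
    f->reserved = f->e = f->s = f->pn = 0;

    if (f->version > 2)              /* assumption: only 0, 1, 2 are valid */
        return GTP_INVALID_VERSION;  /* do not guess a flag layout */
    if (f->version == 2)             /* GTPv2 flag layout differs; not decoded */
        return GTP_V2;
    if (f->pt == 0) {                /* GTP': three reserved bits, no E/S/PN */
        f->reserved = (octet >> 1) & 0x7;
        return GTP_PRIME;
    }
    if (f->version == 0)             /* GTPv0 flags are not decoded here */
        return GTP_V0;
    f->reserved = (octet >> 3) & 1;  /* GTPv1: one reserved bit, then E, S, PN */
    f->e  = (octet >> 2) & 1;
    f->s  = (octet >> 1) & 1;
    f->pn = octet & 1;
    return GTP_V1;
}

int main(void)
{
    /* Constructed octets: GTPv1 with S set; GTP' version 1; version 7 with PT 0 */
    const uint8_t samples[] = { 0x32, 0x2E, 0xE5 };
    const char *names[] = { "invalid version", "GTP'", "GTPv0", "GTPv1", "GTPv2" };
    struct gtp_flags f;
    for (size_t i = 0; i < sizeof samples; i++) {
        enum gtp_kind k = gtp_classify(samples[i], &f);
        printf("0x%02X: version=%u pt=%u -> %s (E=%u S=%u PN=%u reserved=%u)\n",
               (unsigned)samples[i], (unsigned)f.version, (unsigned)f.pt, names[k],
               (unsigned)f.e, (unsigned)f.s, (unsigned)f.pn, (unsigned)f.reserved);
    }
    return 0;
}
```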