Have a question regarding an observation I made when inspecting multicast traffic. Rather than seeing the UDP source/destination port, I see "GTP Unknown" [ref below excerpt], and I am now trying to understand why I see this. (I see the source address OK on the same packets when inspecting the traffic further downstream using snoop, so it seems to be an Ethereal issue.)

root@us01ndadfsniffer01 root]# /usr/local/bin/tethereal -i eth1 -ta udp|egrep "GTP Unknown"
Capturing on eth1
14:43:46.201231 206.200.6.37 -> 224.0.17.37 GTP Unknown
14:43:46.301233 206.200.6.37 -> 224.0.17.37 GTP Unknown
14:43:46.351391 206.200.6.37 -> 224.0.17.37 GTP Unknown
14:43:46.402134 206.200.6.37 -> 224.0.17.37 GTP Unknown
14:43:46.452912 206.200.6.37 -> 224.0.17.37 GTP Unknown

#expected format
[root@us01ndadfsniffer01 root]# /usr/local/bin/tethereal -i eth1 -ta udp|egrep "224\.0\.17\.39"
Capturing on eth1
15:03:43.913780 206.200.6.39 -> 224.0.17.39 UDP Source port: 2153 Destination port: 55295
15:03:43.916962 206.200.6.39 -> 224.0.17.39 UDP Source port: 2153 Destination port: 55295
15:03:43.965605 206.200.6.39 -> 224.0.17.39 UDP Source port: 2153 Destination port: 55295
15:03:44.014957 206.200.6.39 -> 224.0.17.39 UDP Source port: 2153 Destination port: 55295

#ethereal version info
root@us01ndadfsniffer01 root]# /usr/local/bin/tethereal -h
This is GNU tethereal 0.10.4
(C) 1998-2004 Gerald Combs <gerald@xxxxxxxxxxxx>
Compiled with GLib 1.2.10, with libpcap 0.8.3, with libz 1.1.4, without libpcre, without UCD-SNMP or Net-SNMP, without ADNS.
NOTE: this build does not support the "matches" operator for Ethereal filter syntax.
Running with libpcap version 0.8.3 on Linux 2.4.20-8.

Regards
Robert