Ethereal

RE: [Ethereal-users] GTP unknown for UDP packets
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: November 2005

 

Hi,
I assume the first packets are sent from port 2152 which is the "well known port" of GTP
gtp-user        2152/tcp   GTP-User Plane (3GPP)
gtp-user        2152/udp   GTP-User Plane (3GPP)
Hence ethereal tries to decode this as GTP, you could dissable the GTP protocol or use "decode as" for the protocol actually
Used on top of UDP.

Brg
Anders 

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Robert Ångström
Sent: den 8 november 2005 21:40
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] GTP unknown for UDP packets

Have a question regarding an observation I made when inspecting multicast traffic.
Rather than seeing the UDP source/destination port do I see "GTP Unknown" [ref below excerpt], now trying to understand why I see this (See the source address ok on the same packets when inspecting the traffic further down streams using snoop so it seems to be an ethereal issue)


root@us01ndadfsniffer01 root]#
/usr/local/bin/tethereal -i eth1 -ta udp|egrep "GTP Unknown"
Capturing on eth1
14:43:46.201231 206.200.6.37 -> 224.0.17.37  GTP Unknown
14:43:46.301233 206.200.6.37 -> 224.0.17.37  GTP Unknown
14:43:46.351391 206.200.6.37 -> 224.0.17.37  GTP Unknown
14:43:46.402134 206.200.6.37 -> 224.0.17.37  GTP Unknown
14:43:46.452912 206.200.6.37 -> 224.0.17.37  GTP Unknown


#expected format

[root@us01ndadfsniffer01 root]#
/usr/local/bin/tethereal -i eth1 -ta udp|egrep "224\.0\.17\.39"
Capturing on eth1
15:03:43.913780 206.200.6.39 -> 224.0.17.39  UDP Source port: 2153  Destination port: 55295
15:03:43.916962 206.200.6.39 -> 224.0.17.39  UDP Source port: 2153  Destination port: 55295
15:03:43.965605 206.200.6.39 -> 224.0.17.39  UDP Source port: 2153  Destination port: 55295
15:03:44.014957 206.200.6.39 -> 224.0.17.39  UDP Source port: 2153  Destination port: 55295

#ethereal version info

root@us01ndadfsniffer01 root]#
/usr/local/bin/tethereal -h
This is GNU tethereal 0.10.4
 (C) 1998-2004 Gerald Combs <gerald@xxxxxxxxxxxx> Compiled with GLib 1.2.10, with libpcap 0.8.3, with libz 1.1.4, without libpcre, without UCD-SNMP or Net-SNMP, without ADNS.
NOTE: this build does not support the "matches"
operator for Ethereal filter
syntax.

Running with libpcap version 0.8.3 on Linux 2.4.20-8.



Regards
Robert

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.