From: Denis Doroshenko (denis.doroshenkogmail.com)
Date: Wed Nov 04 2009 - 05:38:45 CST
On 11/4/09, Joel Sing <jsingcvs.openbsd.org> wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: jsingcvs.openbsd.org 2009/11/04 02:43:11
> Modified files:
> usr.sbin/tcpdump: Makefile interface.h print-udp.c
> Added files:
> usr.sbin/tcpdump: gtp.h print-gtp.c
> Log message:
> Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP),
> used to carry GPRS data over IP for GSM and UMTS networks. The decoder
> understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however
> at this stage not all TLV fields are fully decoded.
That's simply amazing! The only reason I need to deal with wireshark
(and former ethereal) is because it handles GTP. But my God, it's so
buggy, so it crashes way too much unless you disable decoding of almost
anything but needed (but then again, command line tool still attempts
to decode everything and dies miserably).
If it could be also added to filter on basic fields (like IMSI, TID,
TEID, operation code, cause etc.) that would be the dream of dreams. The
top dream is to give tcpdump IMSI, so it can track PDPs based on TID
(GTPv0) or TEID for GTP-C and GTP-U it learnt from Create PDP Context
Request / Response, including handling of Update PDP Context... I am
updating my source tree, can't wait to take a look at it.
> This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
Thanks Joel and SystemNet AS, that is awesome!
> "commit" deraadt