Snort mailing list archives
Re: Snort for report GTp statistics
From: Hui Cao <hcao () sourcefire com>
Date: Thu, 05 Jul 2012 09:36:50 -0400
You can get GTP_U statistics by not enabling GTP decoding (commenting out "config enable_gtp"). After GTP decoding for GTP-U, that message will be the actual message when it goes through GTP preprocessor. Therefore, you won't get any type of GTP-U pakcets when GTP-U decoding is enabled.
Best, Hui. On 07/04/2012 11:53 PM, Vinayak Malshetty wrote:
Hi All,I am using snort for get GTP packets statistics in my conf file I have enabled GTP decoder and preprocessor. But snort is reporting statistics for GTP-c(signaling messages). Is there any way I can configure snort to report both GTP-c and GTP-U packets.My set-up A1 ------------------------------ A2 | | | A3A1,A2 and A3 are linux machines. A1 and A2 behave as GGSS and SGSN whre GTP pkts(gtp-c and gtp-u) are sent and received. I am running snort on A3 to monitors GTP packets b/w A1<->A2 and report the GTP statistics. But I am getting statistics only for GTP-c pkts and not for GTP-U pktsLog: ------ =============================================================================== GTP Preprocessor Statistics Total sessions: 2 Total reserved messages: 0 Packets with reserved information elements: 0 Total messages of version 1: 12 ===============================================================================Can anyone suggest me is there any-way to report GTP-U statistics. Please do let me know if any more info is neededMany Thanks, -Vinayak ------------------------------------------------------------------------ http://www.mindtree.com/email/disclaimer.html ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort for report GTp statistics Vinayak Malshetty (Jul 04)
- Re: Snort for report GTp statistics Hui Cao (Jul 05)
- Re: Snort for report GTp statistics Vinayak Malshetty (Jul 05)
- Re: Snort for report GTp statistics Hui Cao (Jul 09)
- Re: Snort for report GTp statistics Vinayak Malshetty (Jul 05)
- Re: Snort for report GTp statistics Hui Cao (Jul 05)