Working for IP over GTP

["Ambika Tripathy" <ambika.tripathy () nethawkgroup com>]

Hi Exports,

 

I am new to libpcap/tcpdump application. I am trying to filter IP packets
flowing over GTP-U header. If I assume the GTP-U header is only 8 bytes it
works fine. But my problem is when GTP-U contains some extra data (gtp
header length > 8)  how I can determine the start IP header to do bit
masking for source IP check. 

 

Also if I want to extract flow over GTP-U for some port then it is more
complicated. Please help me to understand the filtering syntax for the case.

 

 

My stack for BPF filtering

 

UDP    ---> I want to filter some flow for a particular port for this UDP
header.

-------

IP     ----> length > 20 

--------

GTP-U   ----> length is GTP-U is more than 8 bytes

-------

udp

-------

IP

--------

Eth-ii

 

 

If I assume the GTP-U header is 8 bytes and IP header over GTP-U is 20
bytes, then the BPF is working fine. If the current BPF is not enough then
please let me know how I write the bpf_insn struct to get required packets
in a generic way? 

 

Br,

Ambika Prasad Tripathy

Call@ +91 94375 47730

 

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.