tcpdump mailing list archives

Re: BPF syntax extension for GTP-U (mobile ip packet)


From: "Ambika Prasad Tripathy" <ambika.tripathy () nethawk exfo com>
Date: Mon, 23 Aug 2010 10:45:16 +0530

As far as I know, with the current BPF filter mechanism of TCPDUMP, only an
index-based filter is possible to filter on IMSI, APN, MSISDN, etc., by taking
the tunnel transport layer as a base.

e.g.

I want to filter GTP-U packets for TEID = 23456345.
Then the index-based filter will work (we assume the GTP-U header is 8 bytes
after UDP):

"udp[12:4] == 23456345"

But my proposal is to include a filter like VLAN for GTP, so that the GTP layer
will be treated as a link layer and the network layer filter will start from
the mobile IP index.

So once this is supported, the above filter will work like

"gtp 23456345" to filter all GTP packets with TEID 23456345.

In case we need to filter, say, mobile IP 10.21.21.2 from the above filter, the
filter will be

"gtp 23456345 and host 10.21.21.2 "



Br,
Ambika Prasad Tripathy
CSL, iPro 
Mobile: +91 9437547730
-----Original Message-----
From: tcpdump-workers-owner () lists tcpdump org
[mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of Dánial
Sent: Friday, August 20, 2010 5:39 PM
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] BPF syntax extension for GTP-U (mobile ip
packet)


I am searching for a way to filter GTP packets and hence mobile IP data over
GTP-U.


I've wanted to do this as well, to filter on APN, IMSI or MSISDN.
Is it not possible to do with the current tcpdump?

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


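The following is an added example, not part of the original messages and not tcpdump or libpcap code. It parses a GTPv1-U header from a UDP payload and emulates the proposed "gtp <teid> and host <addr>" match, showing that the inner IP header moves when the optional sequence-number or extension fields are present, so a fixed offset based on the 8-byte assumption only finds the TEID reliably. The function names `parse_gtpu` and `gtp_match` are hypothetical, the sample packets are constructed, and only inner IPv4 is handled.

```python
import ipaddress
import struct

G_PDU = 0xFF  # GTPv1 message type that carries a tunnelled user packet

def parse_gtpu(payload):
    """Return (teid, inner_packet) for a GTPv1-U G-PDU UDP payload, else None."""
    if len(payload) < 8:
        return None
    flags, msg_type, _length, teid = struct.unpack("!BBHI", payload[:8])
    if flags >> 5 != 1 or not flags & 0x10 or msg_type != G_PDU:
        return None                      # not version 1, not GTP, or not a G-PDU
    offset = 8
    if flags & 0x07:                     # E, S or PN set: 4 optional bytes follow
        if len(payload) < 12:
            return None
        next_ext = payload[11] if flags & 0x04 else 0
        offset = 12
        while next_ext:                  # walk the extension header chain
            if offset >= len(payload) or payload[offset] == 0:
                return None
            ext_len = payload[offset] * 4        # length is in 4-byte units
            if offset + ext_len > len(payload):
                return None
            next_ext = payload[offset + ext_len - 1]
            offset += ext_len
    return teid, payload[offset:]

def gtp_match(payload, teid, host=None):
    """Emulate the proposed 'gtp <teid> [and host <addr>]' on one UDP payload."""
    parsed = parse_gtpu(payload)
    if parsed is None or parsed[0] != teid:
        return False
    inner = parsed[1]
    if host is None:
        return True
    if len(inner) < 20 or inner[0] >> 4 != 4:    # this sketch handles inner IPv4 only
        return False
    return ipaddress.IPv4Address(host).packed in (inner[12:16], inner[16:20])

# Constructed sample data: inner IPv4 header 10.21.21.2 -> 192.0.2.1, no payload.
INNER = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                    bytes([10, 21, 21, 2]), bytes([192, 0, 2, 1]))
PLAIN = struct.pack("!BBHI", 0x30, G_PDU, 20, 23456345) + INNER
WITH_SEQ = struct.pack("!BBHIHBB", 0x32, G_PDU, 24, 23456345, 7, 0, 0) + INNER

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("with sequence number", WITH_SEQ)):
        print(name, gtp_match(pkt, 23456345, "10.21.21.2"), pkt[20:24].hex())
```

The last column printed is the four bytes a fixed offset would read as the inner source address; it is the address only for the packet with the bare 8-byte header.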

