Ethereal-users: [Ethereal-users] GTP protocoll capture filter help

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Varga Miki" <szityu2@xxxxxxxxx>
Date: Tue, 4 Nov 2003 23:18:08 +0100 (CET)
I would need a capture filter in which I can identify GTP packets, which
have a given MSISDN number.How should I do this?

Is it possible to use a pattern for it? Please help a bit with it.
The packet looks like this:

GTP
UDP
IP


GPRS Tunnelling Protocol v0
    Flags: 0x1e
        000. .... = Version: GTP release 97/98 version (0)
        ...1 .... = Protocol type: 1
        .... 111. = Reserved: 7
        .... ...0 = Is SNDCP N-PDU included?: no
    Message type: Create PDP context request (0x10)
    Length: 79
    Sequence number: 0x1001
    Flow label: 0x0000
    SNDCP N-PDU LLC Number: 0xff
    TID: 2400101234567890
    [--- end of GTPv0 header, beginning of extension headers ---]
    Quality of Service: delay: 8, reliability: 3, peak: 144, precedence:
2, mean: 31
        00.. .... = Spare: 0
        ..00 1... = QoS delay: Delay class 1 (1)
        .... .011 = QoS reliability: Unack GTP/LLC, Ack RLC, Protected
data (3)
        1001 .... = QoS peak: Up to 256 000 oct/s (9)
        .... 0... = Spare: 0
        .... .010 = QoS precedence: Normal priority (2)
        000. .... = Spare: 0
        ...1 1111 = QoS mean: Best effort (31)
    Recovery: 68
    Selection mode: MS provided APN, subscription not verified (1)
    Flow Label Data I: 0x0000
    Flow label Signalling: 0x0000
    End user address (IETF/IPv4)
        Length : 2
        PDP type organization: IETF (1)
        PDP type number: IPv4 (0x21)
    Access Point Name
        APN length : 9
        APN: internet
    Protocol configuration options
        Length: 21
        Configuration protocol (00000xxx): 0
        Protocol 1 ID: Password Authentication Protocol (0xc023)
        Protocol 1 length: 18
        PPP Password Authentication Protocol
            Code: Authenticate-Request (0x01)
            Identifier: 0x01
            Length: 17
            Data (13 bytes)
                Peer ID length: 3 bytes
                    Peer-ID (3 bytes)
                Password length: 8 bytes
                    Password (8 bytes)
    GSN address : 152.66.238.90
        GSN address length : 4
        GSN address IPv4: 152.66.238.90 (152.66.238.90)
    GSN address : 152.66.238.90
        GSN address length : 4
        GSN address IPv4: 152.66.238.90 (152.66.238.90)
    MSISDN: +46702123456


			      	    1e 10 00 4f 10 01   ...:.:.k.....O..
0030  00 00 ff ff ff ff 42 00 01 21 43 65 87 09 06 0b   ......B..!Ce....
0040  92 1f 0e 44 0f 01 10 00 00 11 00 00 80 00 02 f1   ...D............
0050  21 83 00 09 08 69 6e 74 65 72 6e 65 74 84 00 15   !....internet...
0060  80 c0 23 12 01 01 00 11 03 6d 69 67 08 68 65 6d   ..#......mig.hem
0070  6d 65 6c 69 67 85 00 04 98 42 ee 5a 85 00 04 98   melig....B.Z....
0080  42 ee 5a 86 00 07 91 64 07 12 32 54 f6            B.Z....d..2T.


Thanks a lot!