Wireshark-bugs: [Wireshark-bugs] [Bug 2136] New: Missing -z proto, colinfo, ip, gtp.teid_cp and
Date: Sun, 23 Dec 2007 19:30:27 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2136

           Summary: Missing -z proto,colinfo,ip,gtp.teid_cp and -z proto,colinfo,ip,gtp.teid_data
           Product: Wireshark
           Version: 0.99.7
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: janvantonder@xxxxxxxxxxxxxx

Build Information:
Compiled with GLib 2.14.1, with libpcap 0.9.7, with libz 1.2.3, without libpcre, without Net-SNMP, without ADNS, without Lua, without GnuTLS, without Gcrypt, without Kerberos.
NOTE: this build doesn't support the "matches" operator for Wireshark filter syntax.

Running on Linux 2.6.22.5-31-default, with libpcap version 0.9.7.

Built using gcc 4.2.1 (SUSE Linux).
--
Hi!

I have detected a bug in the latest tshark 0.99.7. I use the below command to extract certain signalling parameters from the GTP protocol. This has worked fine with tshark 0.99.6, but since 0.99.7 two parameters (as far as I can see) are not shown (gtp.teid_data and gtp.teid_cp).

Here is the tshark command I use:

    tshark -l -n -r ./trace.pcap -R "((gtp.message == 0x10 or gtp.message == 0x11) and not (icmp)) and (ip.src or ip.dst or udp.srcport or udp.dstport or gtp.flags.version or gtp.message or gtp.teid or gtp.seq_number or gtp.tid or gtp.cause or gtp.imsi or gtp.teid_cp or gtp.teid_data or gtp.apn or gtp.msisdn or gtp.mcc or gtp.mnc or gtp.ext_rat_type or gtp.ext_imeisv or gtp.user_ipv4)" -t ad -z proto,colinfo,ip,ip.src -z proto,colinfo,ip,ip.dst -z proto,colinfo,ip,udp.srcport -z proto,colinfo,ip,udp.dstport -z proto,colinfo,ip,gtp.flags.version -z proto,colinfo,ip,gtp.message -z proto,colinfo,ip,gtp.teid -z proto,colinfo,ip,gtp.seq_number -z proto,colinfo,ip,gtp.tid -z proto,colinfo,ip,gtp.cause -z proto,colinfo,ip,gtp.imsi -z proto,colinfo,ip,gtp.teid_cp -z proto,colinfo,ip,gtp.teid_data -z proto,colinfo,ip,gtp.apn -z proto,colinfo,ip,gtp.msisdn -z proto,colinfo,ip,gtp.mcc -z proto,colinfo,ip,gtp.mnc -z proto,colinfo,ip,gtp.ext_rat_type -z proto,colinfo,ip,gtp.ext_imeisv -z proto,colinfo,ip,gtp.user_ipv4

Here is the output with tshark 0.99.6 (Create PDP Context Request):

    18930 2007-07-13 13:04:24.035541 193.254.136.83 -> 145.7.75.49 GTP Create PDP context request gtp.ext_imeisv == 53:87:09:00:19:35:38:21 gtp.ext_rat_type == 2 gtp.mnc == 1 gtp.mcc == 262 gtp.msisdn == "+31612085129" gtp.apn == "blackberry.net" gtp.teid_data == 0xab203440 gtp.teid_cp == 0x10004c2c gtp.imsi == "204080664362965" gtp.seq_number == 0xdb8b gtp.teid == 0x00000000 gtp.message == 0x10 gtp.flags.version == 1 udp.dstport == 2123 udp.srcport == 2123 ip.dst == 145.7.75.49 ip.src == 193.254.136.83

And here for tshark 0.99.7 (same Create PDP Context Request):

    18930 2007-07-13 13:04:24.035541 193.254.136.83 -> 145.7.75.49 GTP Create PDP context request gtp.ext_imeisv == "3578900091538312" gtp.ext_rat_type == 2 gtp.mnc == 1 gtp.mcc == 262 gtp.msisdn == "+31612085129" gtp.apn == "blackberry.net" gtp.imsi == "204080664362965" gtp.seq_number == 0xdb8b gtp.teid == 0x00000000 gtp.message == 0x10 gtp.flags.version == 1 udp.dstport == 2123 udp.srcport == 2123 ip.dst == 145.7.75.49 ip.src == 193.254.136.83

The IMEI is now shown correctly, but I noticed that the gtp.teid_cp and gtp.teid_data fields are missing in 0.99.7.

Same for the Create PDP Context Response:

0.99.6:

    18931 2007-07-13 13:04:24.092252 213.158.205.129 -> 193.254.138.18 GTP Create PDP context response gtp.teid_data == 0x18c064b5 gtp.teid_cp == 0x18c064b0 gtp.cause == 128 gtp.seq_number == 0x7297 gtp.teid == 0x1000714e gtp.message == 0x11 gtp.flags.version == 1 udp.dstport == 2123 udp.srcport == 2123 ip.dst == 193.254.138.18 ip.src == 213.158.205.129

0.99.7:

    18931 2007-07-13 13:04:24.092252 213.158.205.129 -> 193.254.138.18 GTP Create PDP context response gtp.cause == 128 gtp.seq_number == 0x7297 gtp.teid == 0x1000714e gtp.message == 0x11 gtp.flags.version == 1 udp.dstport == 2123 udp.srcport == 2123 ip.dst == 193.254.138.18 ip.src == 213.158.205.129

If needed, I can provide you with a trace file, just let me know.

Thanks and regards!
Michael Geisberger

--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
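
The comparison made by hand in the report above can be automated when checking a tshark upgrade against an existing extraction pipeline. The following is an added example, not part of the original report or of Wireshark; the function names are hypothetical, and the two sample lines are the Create PDP context response lines quoted in the report.

```python
import re

# One "field == value" pair as appended to the Info column by
# -z proto,colinfo; the value is a double-quoted string or a bare token.
PAIR = re.compile(r'(?<![\w.])([A-Za-z_][\w.]*) == ("[^"]*"|\S+)')


def colinfo_fields(line):
    """Return {field: value} for the pairs found on one tshark output line."""
    return {name: value.strip('"') for name, value in PAIR.findall(line)}


def compare(old_line, new_line):
    """Compare the same packet as printed by two tshark versions.

    Returns (missing, changed): fields present only in the old output, and
    fields whose printed value differs between the two outputs.
    """
    old, new = colinfo_fields(old_line), colinfo_fields(new_line)
    missing = sorted(set(old) - set(new))
    changed = {f: (old[f], new[f])
               for f in sorted(old.keys() & new.keys()) if old[f] != new[f]}
    return missing, changed


# Packet 18931 as printed by 0.99.6 and 0.99.7 (copied from the report).
OLD = ('18931 2007-07-13 13:04:24.092252 213.158.205.129 -> 193.254.138.18 '
       'GTP Create PDP context response gtp.teid_data == 0x18c064b5 '
       'gtp.teid_cp == 0x18c064b0 gtp.cause == 128 gtp.seq_number == 0x7297 '
       'gtp.teid == 0x1000714e gtp.message == 0x11 gtp.flags.version == 1 '
       'udp.dstport == 2123 udp.srcport == 2123 ip.dst == 193.254.138.18 '
       'ip.src == 213.158.205.129')
NEW = ('18931 2007-07-13 13:04:24.092252 213.158.205.129 -> 193.254.138.18 '
       'GTP Create PDP context response gtp.cause == 128 '
       'gtp.seq_number == 0x7297 gtp.teid == 0x1000714e gtp.message == 0x11 '
       'gtp.flags.version == 1 udp.dstport == 2123 udp.srcport == 2123 '
       'ip.dst == 193.254.138.18 ip.src == 213.158.205.129')

if __name__ == "__main__":
    missing, changed = compare(OLD, NEW)
    print("missing in new output:", missing)
    print("changed values:", changed)
```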