Wireshark-bugs: [Wireshark-bugs] [Bug 3549] New: tshark fails to display GTP (gtp.apn) paramter
Date: Thu, 18 Jun 2009 23:37:40 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3549

           Summary: tshark fails to display GTP (gtp.apn) paramter using
                    option -z proto,colinfo,ip,gtp.apn
           Product: Wireshark
           Version: 1.2.0
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: frank.maerz@xxxxxxxxxxx


Created an attachment (id=3146)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3146)
Example GTP packet

Build Information:
tshark -v
TShark 1.2.0

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.12.3, with libpcap 0.9.4, with libz 1.2.3, without POSIX
capabilities, without libpcre, without SMI, without c-ares, without ADNS,
without Lua, with GnuTLS 1.4.1, with Gcrypt 1.2.4, with MIT Kerberos, without
GeoIP.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.18-92.1.13.el5xen, with libpcap version 0.9.4, GnuTLS
1.4.1, Gcrypt 1.2.4.

Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-44).
You have new mail in /var/spool/mail/root

--
I just updated to wireshark/tshark version 1.2.0. I found a problem with the
new version in displaying the gtp.apn information while using tshark. The value
for gtp.apn is no longer displayed. 

I is no problem in earlier versions. I check it was working up to 1.0.8

It can be reproduced very easily. I have one GTP packet attached. Running
tshark version 1.2.0 misses the gtp.apn infomation while older versions show
it. The syntax is shorten to foucus on the issue. I use about 10 gtp parameters
in my tool, but only gtp.apn is missing as far as I could see.

Working with version up 1.0.8 - GTP APN is displayed

[root@wireshark_0.99.7 tmp]tshark -r /tmp/gtp_example.pcap  -R "(gtp.message ==
0x10) and (gtp.imsi or gtp.apn)" -z proto,colinfo,ip,gtp.imsi -z
proto,colinfo,ip,gtp.apn 
  1   0.000000 193.254.140.1 -> 213.4.103.164 GTP Create PDP context request 
gtp.apn == "BLACKBERRY.NET"  gtp.imsi == "214072930217583"

Not working with version 1.2.0 - GTP APN is NOT displayed

[root@wireshark_1.2.0 tmp]# tshark -r /tmp/gtp_example.pcap  -R "(gtp.message
== 0x10) and (gtp.imsi or gtp.apn)" -z proto,colinfo,ip,gtp.imsi -z
proto,colinfo,ip,gtp.apn
  1   0.000000 193.254.140.1 -> 213.4.103.164 GTP Create PDP context request 
gtp.imsi == "214072930217583"

I wonder if you have any idea what this causes this problem? I can not code
myself. Any help would be great.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.