Wireshark-bugs: [Wireshark-bugs] [Bug 3549] New: tshark fails to display GTP (gtp.apn) paramter
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3549
Summary: tshark fails to display GTP (gtp.apn) paramter using
option -z proto,colinfo,ip,gtp.apn
Product: Wireshark
Version: 1.2.0
Platform: Other
OS/Version: Windows XP
Status: NEW
Severity: Major
Priority: Low
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: frank.maerz@xxxxxxxxxxx
Created an attachment (id=3146)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3146)
Example GTP packet
Build Information:
tshark -v
TShark 1.2.0
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.12.3, with libpcap 0.9.4, with libz 1.2.3, without POSIX
capabilities, without libpcre, without SMI, without c-ares, without ADNS,
without Lua, with GnuTLS 1.4.1, with Gcrypt 1.2.4, with MIT Kerberos, without
GeoIP.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running on Linux 2.6.18-92.1.13.el5xen, with libpcap version 0.9.4, GnuTLS
1.4.1, Gcrypt 1.2.4.
Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-44).
You have new mail in /var/spool/mail/root
--
I just updated to wireshark/tshark version 1.2.0. I found a problem with the
new version in displaying the gtp.apn information while using tshark. The value
for gtp.apn is no longer displayed.
I is no problem in earlier versions. I check it was working up to 1.0.8
It can be reproduced very easily. I have one GTP packet attached. Running
tshark version 1.2.0 misses the gtp.apn infomation while older versions show
it. The syntax is shorten to foucus on the issue. I use about 10 gtp parameters
in my tool, but only gtp.apn is missing as far as I could see.
Working with version up 1.0.8 - GTP APN is displayed
[root@wireshark_0.99.7 tmp]tshark -r /tmp/gtp_example.pcap -R "(gtp.message ==
0x10) and (gtp.imsi or gtp.apn)" -z proto,colinfo,ip,gtp.imsi -z
proto,colinfo,ip,gtp.apn
1 0.000000 193.254.140.1 -> 213.4.103.164 GTP Create PDP context request
gtp.apn == "BLACKBERRY.NET" gtp.imsi == "214072930217583"
Not working with version 1.2.0 - GTP APN is NOT displayed
[root@wireshark_1.2.0 tmp]# tshark -r /tmp/gtp_example.pcap -R "(gtp.message
== 0x10) and (gtp.imsi or gtp.apn)" -z proto,colinfo,ip,gtp.imsi -z
proto,colinfo,ip,gtp.apn
1 0.000000 193.254.140.1 -> 213.4.103.164 GTP Create PDP context request
gtp.imsi == "214072930217583"
I wonder if you have any idea what this causes this problem? I can not code
myself. Any help would be great.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.