On 11/4/09, Joel Sing <js...@cvs.openbsd.org> wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: js...@cvs.openbsd.org 2009/11/04 02:43:11
>
> Modified files:
> usr.sbin/tcpdump: Makefile interface.h print-udp.c
> Added files:
> usr.sbin/tcpdump: gtp.h print-gtp.c
>
> Log message:
> Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP),
> used to carry GPRS data over IP for GSM and UMTS networks. The decoder
> understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however
> at this stage not all TLV fields are fully decoded.

That's simply amazing! The only reason I need to deal with Wireshark (and former Ethereal) is because it handles GTP. But my God, it's so buggy, so it crashes way too much unless you disable decoding of almost anything but needed (but then again, command line tool still attempts to decode everything and dies miserably).

If it could be also added to filter on basic fields (like IMSI, TID, TEID, operation code, cause etc.) that would be the dream of dreams. The top dream is to give tcpdump IMSI, so it can track PDPs based on TID (GTPv0) or TEID for GTP-C and GTP-U it learnt from Create PDP Context Request / Response, including handling of Update PDP Context...

I am updating my source tree, can't wait to take a look at it.

> This work has been kindly sponsored by SystemNet AS (www.systemnet.no).

Thanks Joel and SystemNet AS, that is awesome!

> "commit" deraadt@