Ethereal-dev: [Ethereal-dev] bug report regarding GPRS GTPv1

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "ETC WAJU" <etcwaju@xxxxxxxxxxx>
Date: Sun, 27 Oct 2002 20:30:05 -0500
Dear developers
 
I am here to report a bug I found in Ethereal 0.9.7 regarding GTP v1.

The coding of Information Element IMSI in GTP v1 according to 3GPP 29.060 is as follows:

bits         8765 4321
Octets 1     type=2
       2~9   IMSI

The IMSI is TBCD-coded with a fixed length of 8 octets. Bits 8765 of octet n+1 encodes digit 2n, bits 4321 of octet n+1 encodes digit 2n-1. Unused half octets shall be coded as binary "1 1 1 1". Digits are packed contiguously with no internal padding.

So for the string in the trace which I captured running on GTPv1, "02 13 20 06 02 22 22 00 F3", the IMSI was wrongly decoded as 310060202222003, but it should be decoded as 310260202222003.

 

The coding of IMSI in GTPv0 according to GSM 03.60

bits         8765             4321
Octets 1     type=2
       2     MCC(digit 2)     MCC(digit1)
       3     1111             MCC(digit3)
       4     MNC(digit 2)     MCC(digit1)
       5     MSN(digit 2)     MSN(digit1)
       6     MSN(digit 4)     MSN(digit3)
       7     MSN(digit 6)     MSN(digit5)
       8     MSN(digit 8)     MSN(digit7)
       9     MSN(digit 10)    MSN(digit9)

So apparently in the above example, GTPv0 decoding was wrongly used to decode IMSI in GTPv1 format.

Please feel free to contact me for any questions.

Thanks, JW
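The GTPv1 TBCD rule quoted in the report, as an added example that is not part of the original message and is not Ethereal's code: a decoder for the 8-octet IMSI value, run over the value octets from the reported trace (the bytes after type 0x02). The function and constant names are assumptions, and rejecting nibbles A..E and digits after a filler is a strictness choice made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMSI_OCTETS 8   /* fixed value length stated in the report */

/* Value octets from the reported trace, without the leading type octet 0x02. */
static const uint8_t SAMPLE_IMSI[IMSI_OCTETS] =
    { 0x13, 0x20, 0x06, 0x02, 0x22, 0x22, 0x00, 0xF3 };

/* Decode a TBCD IMSI: bits 4321 of each octet hold the earlier digit,
 * bits 8765 the later one, and 0xF marks an unused half octet.
 * Returns the number of digits written, or -1 on malformed input
 * (wrong length, short output buffer, nibble A..E, digit after filler). */
int tbcd_imsi_decode(const uint8_t *val, size_t len, char *out, size_t outsz)
{
    int n = 0, ended = 0;

    if (val == NULL || out == NULL || len != IMSI_OCTETS ||
        outsz < 2 * IMSI_OCTETS + 1)
        return -1;

    for (size_t i = 0; i < len; i++) {
        uint8_t nib[2] = { (uint8_t)(val[i] & 0x0F), (uint8_t)(val[i] >> 4) };
        for (int k = 0; k < 2; k++) {
            if (nib[k] == 0x0F)
                ended = 1;              /* filler: only fillers may follow */
            else if (ended || nib[k] > 9)
                return -1;              /* digits must be contiguous, 0..9 */
            else
                out[n++] = (char)('0' + nib[k]);
        }
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char imsi[2 * IMSI_OCTETS + 1];
    int n = tbcd_imsi_decode(SAMPLE_IMSI, sizeof SAMPLE_IMSI, imsi, sizeof imsi);

    if (n < 0)
        return 1;
    printf("IMSI (%d digits): %s\n", n, imsi);
    return 0;
}
```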


