Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 1536] New: Wireshark packet-gtp.c error in decoding IMEI

[bugzilla-daemon@xxxxxxxxxxxxx]

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1536

           Summary: Wireshark packet-gtp.c error in decoding IMEI
           Product: Wireshark
           Version: 0.99.5
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: frank.maerz@xxxxxxxxxxx


Build Information:
TShark 0.99.5-SVN-19935

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors. This
is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 1.2.10, with libpcap 0.7.2, with libz 1.1.4, without
libpcre, without UCD-SNMP or Net-SNMP, without ADNS, without Lua, without
GnuTLS, without Gcrypt, with MIT Kerberos.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.4.21-40.ELsmp, with libpcap (version unknown).

Built using gcc 3.2.3 20030502 (Red Hat Linux 3.2.3-56).

--
We notice that the IMEI is not decoded corectly. I wonder if you can have a
look at this?
The correct IMSI looks likes: 352757…..   but the decoded part looks like:

IMEI(SV): 5372751000339830 

00c0 40 97 00 01 02 9a 00 08 53 72 75 10 00 33 98 30

The IMEI(SV) is BCD coded but not unpacked by WS.



No.     Time            Source                Destination           Protocol
Info
  14128 10:28:27.763299 212.234.96.130        193.254.136.33        GTP     
Create PDP context request

Frame 14128 (208 bytes on wire, 208 bytes captured)
Ethernet II, Src: Cisco_c5:e4:00 (00:03:32:c5:e4:00), Dst: HewlettP_d1:ef:88
(00:12:79:d1:ef:88)
Internet Protocol, Src: 212.234.96.130 (212.234.96.130), Dst: 193.254.136.33
(193.254.136.33)
User Datagram Protocol, Src Port: 2123 (2123), Dst Port: 2123 (2123)
GPRS Tunneling Protocol
    Flags: 0x32
    Message Type: Create PDP context request (0x10)
    Length: 158
    TEID: 0x00000000
    Sequence number: 0x3dee
    N-PDU Number: 0x00
    Next extension header type: 0x00
    [--- end of GTP header, beginning of extension headers ---]
    IMSI: 262019510184587
    Routing Area Identity
    Recovery: 195
    Selection mode: MS provided APN, subscription not verified (1)
    TEID Data I: 0x1a0a3de5
    TEID Control Plane: 0x1a0a3de5
    NSAPI: 5
    End user address (IETF/IPv4)
    Access Point Name
    Protocol configuration options
    GSN address : 212.234.96.130
    GSN address : 212.234.96.149
    MSISDN: +491719000725
    Quality of Service
    RAT Type
    IMEI(SV)
        Length: 8
        IMEI(SV): 5372751000339830

0000  00 12 79 d1 ef 88 00 03 32 c5 e4 00 08 00 45 e0   ..y.....2.....E.
0010  00 c2 75 f3 00 00 f4 11 cf ca d4 ea 60 82 c1 fe   ..u.........`...
0020  88 21 08 4b 08 4b 00 ae d6 33 32 10 00 9e 00 00   .!.K.K...32.....
0030  00 00 3d ee 00 00 02 62 02 91 15 10 48 85 f7 03   ..=....b.Q..H...
0040  02 f8 10 ff fe ff 0e c3 0f fd 10 1a 0a 3d e5 11   .............=..
0050  1a 0a 3d e5 14 05 80 00 02 f1 21 83 00 12 08 69   ..=.......!....i
0060  6e 74 65 72 6e 65 74 08 74 2d 6d 6f 62 69 6c 65   nternet.t-mobile
0070  84 00 27 80 c0 23 10 01 00 00 10 08 74 2d 6d 6f   ..'..#......t-mo
0080  62 69 6c 65 02 74 6d 80 21 10 01 00 00 10 81 06   bile.tm.!.......
0090  00 00 00 00 83 06 00 00 00 00 85 00 04 d4 ea 60   ...............`
00a0  82 85 00 04 d4 ea 60 95 86 00 07 91 94 71 91 00   ......`......q!.
00b0  70 52 87 00 0c 02 1b 62 1f 73 96 40 68 74 fb 10   pR.....b.s.@ht..
00c0  40 97 00 01 02 9a 00 08 53 72 75 10 00 33 98 30   @.......Sru..3.0


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.