On Jun 1, 2009, at 10:54 PM, tulip neo wrote:
May be this n't a vallid question but keeps wondering me.over which
interface the following is possible.
What do you mean by "interface"? If you're referring to the network
hardware, that's possible over *any* interface for a network type that
supports IP - Ethernet, ATM, Wi-Fi, PPP over two tin cans and a
string....
I mean sip over UDP and SIP over GTP.i mean both should be possible
at a time.
Yes - there's nothing about either Ethernet, IP, or UDP that prevents
both
Ethernet->ipv4->udp->SIP
and
Ethernet->ipv4->udp->GTP->ipv4->udp->sip
from being supported on the same Ethernet segment.
I have attached a small capture to illustrate the problem.
In that capture, it's probably over either an Ethernet or a Wi-Fi
interface (Wi-Fi interfaces, and the drivers for them, sometimes
supply packets with fake Ethernet headers).
Is there any way i can know from capture what interface was used to
capture the traffic.
No, not from that capture; it's in libpcap format, which means there's
no indication of, for example, the name (on the host on which the
capture was done) of the network interface on which the capture was
done.
The network stack is Ethernet->ipv4->udp->SIP, so it was probably not
Ethernet->ipv4->udp->GTP->ipv4->udp->sip, unless the machine on which
the capture was done handled GTP by taking the GTP packet and putting
a fake Ethernet header on it, which I suspect is unlikely.
