Wireshark-users: Re: [Wireshark-users] transparent GTP-'detunneling' in wireshark
Hi,
Everything regarding ports and addresses is handled in this way. So I think
SMTP (usually port 25) would match the filters.
BR,
Juan
>-----Original Message-----
>From: wireshark-users-bounces@xxxxxxxxxxxxx
>[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
>ext Ariel Burbaickij
>Sent: Wednesday, November 26, 2008 2:09 PM
>To: Community support list for Wireshark
>Subject: Re: [Wireshark-users] transparent GTP-'detunneling'
>in wireshark
>
>Hello Juan,
>does this logic also apply to protocols, i.e. smtp would match
>both unencapsulated as well as encapsulated traffic?
>
>/wbr
>Ariel Burbaickij
>
>On Mon, Nov 24, 2008 at 1:10 PM, Wortley, Juan (NSN -
>AR/Cordoba) <juan.wortley@xxxxxxx> wrote:
>> Hi Ariel,
>> No particular filter is required. When you apply a filter to a GTP
>> capture, that filter will try to match transport IP for GTP, and also
>> encapsulated IP inside GTP.
>>
>> For instance, if you filter out by using "ip.addr==10.1.1.1" then WS
>> will apply the filter to transport IP (lowest IP layer) and also to
>> transported IP (upper layer):
>>
>> UDP/TCP
>> -------
>> IP <----- Filter tries to match "10.1.1.1" here
>> -------
>> GTP
>> -------
>> UDP
>> -------
>> IP <----- Filter tries to match "10.1.1.1" here too
>>
>>
>> BR,
>> Juan
>>
>>
>>
>>>-----Original Message-----
>>>From: ext Ariel Burbaickij [mailto:ariel.burbaickij@xxxxxxxxx]
>>>Sent: Saturday, November 22, 2008 8:51 AM
>>>To: Community support list for Wireshark; Wortley, Juan (NSN -
>>>AR/Cordoba)
>>>Subject: Re: [Wireshark-users] transparent GTP-'detunneling'
>>>in wireshark
>>>
>>>Sorry for the late response, Juan,
>>>I did not quite get what filter you mean that can be applied in the
>>>latest version of WS?
>>>
>>>
>>>/wbr
>>>Ariel Burbaickij
>>>
>>>
>>>On Sun, Oct 19, 2008 at 10:36 PM, Wortley, Juan (NSN -
>>>AR/Cordoba) <juan.wortley@xxxxxxx> wrote:
>>>> Hi,
>>>> At least with the latest versions of WS when you apply a filter it
>>>> matches the criteria with "external" (GTP) and "internal"
>>>> (encapsulated) protocols.
>>>> BR,
>>>> Juan
>>>>
>>>>>-----Original Message-----
>>>>>From: wireshark-users-bounces@xxxxxxxxxxxxx
>>>>>[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
>>>>>ext Ariel Burbaickij
>>>>>Sent: Friday, October 17, 2008 9:40 AM
>>>>>To: Community support list for Wireshark
>>>>>Subject: [Wireshark-users] transparent GTP-'detunneling' in
>>>>>wireshark
>>>>>
>>>>>Hello community,
>>>>>is it possible to somehow 'de-tunnel' GTP traffic, so that read
>>>>>filters can be naturally applied to the traffic tunneled inside GTP?
>>>>>
>>>>>/wbr
>>>>>Ariel Burbaickij
>>>>>_______________________________________________
>>>>>Wireshark-users mailing list
>>>>>Wireshark-users@xxxxxxxxxxxxx
>>>>>https://wireshark.org/mailman/listinfo/wireshark-users
>>>>>
>
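The behaviour described in this thread, where "ip.addr==10.1.1.1" is tried against both the transport IP header and the IP header carried inside GTP, can be reproduced outside Wireshark. The following is an added example, not part of the original thread and not Wireshark code; the function names and the sample packet (addresses, TEID, ports) are constructed for illustration, and only IPv4 over GTPv1-U G-PDUs is handled.

```python
import socket
import struct

GTPU_PORT = 2152  # registered UDP port for GTP-U

def gtpu_payload(udp):
    """Return the T-PDU inside a GTPv1-U G-PDU, or b"" if this is not one."""
    if len(udp) < 16:
        return b""
    sport, dport = struct.unpack("!HH", udp[:4])
    gtp = udp[8:]
    if GTPU_PORT not in (sport, dport) or gtp[0] >> 5 != 1 or gtp[1] != 0xFF:
        return b""
    if not gtp[0] & 0x07:          # no E/S/PN flag: mandatory 8-octet header only
        return gtp[8:]
    if len(gtp) < 12:
        return b""
    off, nxt = 12, gtp[11] if gtp[0] & 0x04 else 0
    while nxt:                     # walk extension headers (length in 4-octet units)
        if off >= len(gtp) or gtp[off] == 0 or off + gtp[off] * 4 > len(gtp):
            return b""
        off += gtp[off] * 4
        nxt = gtp[off - 1]
    return gtp[off:]

def ipv4_layers(pkt):
    """Return (src, dst, proto) for every IPv4 header, outermost first."""
    layers = []
    while len(pkt) >= 20 and pkt[0] >> 4 == 4:
        ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
        total = struct.unpack("!H", pkt[2:4])[0]
        layers.append((socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), proto))
        pkt = gtpu_payload(pkt[ihl:total]) if proto == 17 and ihl >= 20 else b""
    return layers

def ip_addr_matches(pkt, addr):
    """Mimic the described "ip.addr == addr": true if ANY IPv4 layer carries addr."""
    return any(addr in (src, dst) for src, dst, _ in ipv4_layers(pkt))

def build_ipv4(src, dst, proto, payload):  # sample builder; checksums left at 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample: outer IP / UDP 2152 / GTP-U / inner IP / TCP SYN to port 25
tcp = struct.pack("!HHIIBBHHH", 40000, 25, 0, 0, 0x50, 0x02, 8192, 0, 0)
inner = build_ipv4("10.1.1.1", "192.0.2.25", 6, tcp)
gtp = struct.pack("!BBHI", 0x30, 0xFF, len(inner), 0x1234) + inner
SAMPLE = build_ipv4("172.16.0.1", "172.16.0.2", 17,
                    struct.pack("!HHHH", GTPU_PORT, GTPU_PORT, 8 + len(gtp), 0) + gtp)
```

A match therefore does not say which layer produced it: when triaging a GTP capture, inspect the result of `ipv4_layers` (or the packet detail pane) to tell tunnel endpoints from the tunneled hosts.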