Wireshark-users: Re: [Wireshark-users] transparent GTP-'detunneling' in wireshark

From: "Ariel Burbaickij" <ariel.burbaickij@xxxxxxxxx>
Date: Sun, 19 Oct 2008 11:55:15 +0200
Thank you for fast response, however I fear I do not understand it
completely so far.
Yes, wireshark dissects the traffic inside gtp, let us for a sake of example
assume it is SMTP. Yes, it is known fact that read filters are display filters.
Now, I want to get only SMTP traffic from my monitoring interface that flows
inside GTP tunnel -- do you say that something like gtp&&smtp should work
towards this end?

/wbr
Ariel Burbaickij


On Sat, Oct 18, 2008 at 12:11 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Oct 17, 2008, at 5:39 AM, Ariel Burbaickij wrote:
>
>> is it possible to ssomehow 'de-tunnel' GTP traffic, so that read
>> filters can be naturally applied to the traffic
>> tunneled inside GTP?
>
> Read filters are just display filters, and those depend on dissection,
> so read filters should work iff Wireshark dissects the traffic
> tunneled inside GTP ("work" to the same extent that display filters
> work).
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>