Wireshark-users: Re: [Wireshark-users] transparent GTP-'detunneling' in wireshark

From: "Ariel Burbaickij" <ariel.burbaickij@xxxxxxxxx>
Date: Wed, 26 Nov 2008 17:09:12 +0100
Hello Juan,
does this logic also apply to protocols, i.e. smtp would match both
unencaplsulated
as well as encapsulated traffic?

/wbr
Ariel Burbaickij

On Mon, Nov 24, 2008 at 1:10 PM, Wortley, Juan (NSN - AR/Cordoba)
<juan.wortley@xxxxxxx> wrote:
> Hi Ariel,
> No particular filter is required. When you apply a filter to a GTP
> capture, that filter will try to match transport IP for GTP, and also
> encapsulated IP inside GTP.
>
> For instance, if you filter out by using "ip.addr==10.1.1.1" then WS
> will apply the filter to transport IP (lowest IP layer) and also to
> transported IP (upper layer):
>
> UDP/TCP
> -------
> IP      <----- Filter tries to match "10.1.1.1" here
> -------
> GTP
> -------
> UDP
> -------
> IP      <----- Filter tries to match "10.1.1.1" here too
>
>
> BR,
> Juan
>
>
>
>>-----Original Message-----
>>From: ext Ariel Burbaickij [mailto:ariel.burbaickij@xxxxxxxxx]
>>Sent: Saturday, November 22, 2008 8:51 AM
>>To: Community support list for Wireshark; Wortley, Juan (NSN -
>>AR/Cordoba)
>>Subject: Re: [Wireshark-users] transparent GTP-'detunneling'
>>in wireshark
>>
>>Sorry, for late response, Juan,
>>I did not quite get what filter do you mean hat can be applied
>>in the latest version of WS?
>>
>>
>>/wbr
>>Ariel Burbaickij
>>
>>
>>On Sun, Oct 19, 2008 at 10:36 PM, Wortley, Juan (NSN -
>>AR/Cordoba) <juan.wortley@xxxxxxx> wrote:
>>> Hi,
>>> At least with latests versions of WS when you apply a filter it
>>> matches the criteria with "external" (GTP) and "internal"
>>> (encapsulated) protocols.
>>> BR,
>>> Juan
>>>
>>>>-----Original Message-----
>>>>From: wireshark-users-bounces@xxxxxxxxxxxxx
>>>>[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
>>ext Ariel
>>>>Burbaickij
>>>>Sent: Friday, October 17, 2008 9:40 AM
>>>>To: Community support list for Wireshark
>>>>Subject: [Wireshark-users] transparent GTP-'detunneling' in wireshark
>>>>
>>>>Hello community,
>>>>is it possible to ssomehow 'de-tunnel' GTP traffic, so that read
>>>>filters can be naturally applied to the traffic tunneled inside GTP?
>>>>
>>>>/wbr
>>>>Ariel Burbaickij
>>>>_______________________________________________
>>>>Wireshark-users mailing list
>>>>Wireshark-users@xxxxxxxxxxxxx
>>>>https://wireshark.org/mailman/listinfo/wireshark-users
>>>>
>>> _______________________________________________
>>> Wireshark-users mailing list
>>> Wireshark-users@xxxxxxxxxxxxx
>>> https://wireshark.org/mailman/listinfo/wireshark-users
>>>
>>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>