[Bro-Dev] #934: GPRS Tunneling Protocol (GTP) Analyzer
Bro Tracker
bro at tracker.bro-ids.org
Fri Jan 18 08:19:04 PST 2013
#934: GPRS Tunneling Protocol (GTP) Analyzer
------------------------------+-----------------------------------------
Reporter: liamrandall | Owner:
Type: Feature Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords: GTP GPRS Tunneling Protocol
------------------------------+-----------------------------------------
Comment (by jsiwek):
Replying to [ticket:934 liamrandall]:
> Requesting support for GTP Analyzers.
There's a GTPv1-U "analyzer" now in the git/master repository (#690 has
the history of that). I say "analyzer" because it really only functions
as a tunnel decapsulator right now. It also doesn't yet support GTP
extension headers (I didn't have any such pcaps to test against). Can you
try it out and let us know what's missing and/or not working? i.e. is
there more analysis that should be done? or are the extension headers
very important? or do GTP', GTP-C, or GTPv2 need specific handling?
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/934#comment:1>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list