[Bro-Dev] #934: GPRS Tunneling Protocol (GTP) Analyzer
Bro Tracker
bro at tracker.bro-ids.org
Sat Jan 19 13:24:42 PST 2013
#934: GPRS Tunneling Protocol (GTP) Analyzer
------------------------------+-----------------------------------------
Reporter: liamrandall | Owner:
Type: Feature Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords: GTP GPRS Tunneling Protocol
------------------------------+-----------------------------------------
Comment (by liamrandall):
GTP-C and GTP-U should probably both be handled and logged. For example,
GTP-C (control plane) might want to log PDP setup, modifications and tear-
downs.
On GTP-U it does not seem to be decoding the tunneled traffic properly;
I'm not seeing analyzers fire for embedded ip4/6, http, etc. PCAPR has a
large variety of samples of the GTP-C setup/tear down, GTP-U traffic, and
hand-offs. I’ve attached some of the representative samples.
Specifications: http://www.quintillion.co.jp/3GPP/Specs/29060-4b0.pdf
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/934#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list