[Bro-Dev] #934: GPRS Tunneling Protocol (GTP) Analyzer

Bro Tracker bro at tracker.bro-ids.org
Sat Jan 19 13:24:42 PST 2013


#934: GPRS Tunneling Protocol (GTP) Analyzer
------------------------------+-----------------------------------------
  Reporter:  liamrandall      |      Owner:
      Type:  Feature Request  |     Status:  new
  Priority:  Normal           |  Milestone:  Bro2.2
 Component:  Bro              |    Version:  git/master
Resolution:                   |   Keywords:  GTP GPRS Tunneling Protocol
------------------------------+-----------------------------------------

Comment (by liamrandall):

 GTP-C and GTP-U should probably both be handled and logged.  For example,
 GTP-C (control plane) might want to log PDP setup, modifications and tear-
 downs.

 On GTP-U it does not seem to be decoding the tunneled traffic properly;
 I'm not seeing analyzers fire for embedded ip4/6, http, etc.  PCAPR has a
 large variety of samples of the GTP-C setup/tear down, GTP-U traffic, and
 hand-offs.  I’ve attached some of the representative samples.

 Specifications: http://www.quintillion.co.jp/3GPP/Specs/29060-4b0.pdf

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/934#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
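
An added illustration, not part of the ticket or of Bro's code, of the two cases the comment separates: classifying GTP-C PDP context messages for logging, and locating the tunneled IPv4/IPv6 packet inside a GTP-U G-PDU. The function name, record fields and sample bytes are constructed for this example; header layout and message-type values follow GTPv1 (3GPP TS 29.060).

```python
import struct

# GTPv1 message types (3GPP TS 29.060) for PDP context setup, modification, teardown.
GTPC_PDP_EVENTS = {
    16: "create_pdp_context_request", 17: "create_pdp_context_response",
    18: "update_pdp_context_request", 19: "update_pdp_context_response",
    20: "delete_pdp_context_request", 21: "delete_pdp_context_response",
}
G_PDU = 255  # GTP-U: the payload is a tunneled user packet

# Constructed sample: G-PDU with a sequence number, carrying a bare 20-byte IPv4 header.
SAMPLE_G_PDU = (struct.pack("!BBHIHBB", 0x32, G_PDU, 24, 0x11223344, 1, 0, 0)
                + b"\x45" + bytes(19))


def parse_gtpv1(datagram: bytes) -> dict:
    """Parse one GTPv1 UDP payload (hypothetical helper); ValueError if malformed."""
    if len(datagram) < 8:
        raise ValueError("shorter than the mandatory 8-byte GTP header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", datagram[:8])
    if flags >> 5 != 1 or not flags & 0x10:
        raise ValueError("not GTP version 1 with PT=1")
    if length > len(datagram) - 8:
        raise ValueError("length field exceeds captured bytes")
    body = datagram[8:8 + length]
    offset = 0
    if flags & 0x07:  # any of E, S, PN set: 4 optional bytes follow the TEID
        if len(body) < 4:
            raise ValueError("truncated optional header fields")
        next_ext = body[3] if flags & 0x04 else 0
        offset = 4
        while next_ext:  # each extension header: length in 4-octet units
            if offset >= len(body) or body[offset] == 0:
                raise ValueError("bad extension header length")
            end = offset + 4 * body[offset]
            if end > len(body):
                raise ValueError("extension header runs past message")
            next_ext, offset = body[end - 1], end
    record = {"teid": teid, "msg_type": msg_type}
    if msg_type == G_PDU:
        inner = body[offset:]
        version = inner[0] >> 4 if inner else None
        record.update(plane="user", inner=inner,
                      inner_ip_version=version if version in (4, 6) else None)
    else:
        record.update(plane="control",
                      event=GTPC_PDP_EVENTS.get(msg_type, "other"))
    return record
```

The `inner` bytes are what an analyzer would hand to its IP layer; skipping the optional fields and extension headers incorrectly is one way the embedded protocols end up never being parsed.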


