[Bro-Dev] #934: GPRS Tunneling Protocol (GTP) Analyzer
Bro Tracker
bro at tracker.bro-ids.org
Wed Jan 30 14:40:00 PST 2013
#934: GPRS Tunneling Protocol (GTP) Analyzer
------------------------------+-----------------------------------------
Reporter: liamrandall | Owner:
Type: Feature Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords: GTP GPRS Tunneling Protocol
------------------------------+-----------------------------------------
Comment (by jsiwek):
Replying to [comment:2 liamrandall]:
> GTP-C and GTP-U should probably both be handled and logged. For
example, GTP-C (control plane) might want to log PDP setup, modifications
and tear-downs.
I'll try to at least add the analyzer/parsing for GTP-C to get some events
generated for PDP create/update/delete.
> On GTP-U it does not seem to be decoding the tunneled traffic properly;
I'm not seeing analyzers fire for embedded ip4/6, http, etc.
Can you point me to a specific pcap that doesn't work for you?
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/934#comment:3>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list