I have a RHEL 5.8 system installed with wireshark 1.0.15, but it does not support GTPv2 by default.
I cannot upgrade wireshark to a higher version as it has a lot of dependencies like glib2, gtk+2.12 etc., and those cannot be installed as they interfere with other applications on the system.
So, is there any way by which I can just install gtpv2 dissectors on wireshark 1.0.15, as my only requirement is to support gtpv2 irrespective of wireshark version on RHEL 5.8?
asked 03 Aug '13, 11:12
edited 03 Aug '13, 13:03
You could try getting the source to a version of Wireshark that you can build on your system, getting the source to the dissectors you want, and making whatever changes to the dissectors to get them to build as part of that older version of Wireshark. Those dissectors might depend on features of Wireshark not available in 1.0.15, however, in which case you're out of luck.
answered 03 Aug '13, 14:38
Guy Harris ♦♦
If it helps at all, the dissectors you'd want are at epan/dissectors/packet-gtpv2.c of the source code of Wireshark 1.10.
Good luck if you're going to attempt this, though I can say at least from my experience if you need to support capture files from a GTPv2/EPC environment you're better off with at least Wireshark 1.8 and RHEL/CentOS 6. Even if you go through all this trouble and get GTPv2 working, I'd be surprised if tomorrow you don't need to correlate those captures with your Diameter or S1AP signaling. The stock Wireshark repos for RHEL 5 won't do S1, nor most mobility Diameter applications and even on the GTPv1 front there were some annoying bugs in older releases, such as three-digit MNCs not being read correctly in the ULI field.
answered 06 Aug '13, 21:24