This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

gtp prime, gprscdr

Hello I am trying to see GTPP packets but the program is not showing me the message, I look for an answer but it says something about modifying a file that I can't find http://anonsvn.wireshark.org/viewvc/trunk/asn1/gprscdr/Makefile.common?view=markup&pathrev=51017

I work in a Telecom company and I want to be able to decode the CDR message.

gtp prime 3gpp cdr gprscdr

asked 13 Apr '15, 12:27

alfromero
6●2●2●4
accept rate: 0%

You don't see the gtp messages? In which case they may be on another port than the standard one. Check the preferences and Set/add the used port. Or You see the gtp Messages but the cdr isn't decoded?

(13 Apr '15, 13:22) Anders ♦

I already check the port and I need it to modify it, but still the cdr info is not shown

(13 Apr '15, 13:59) alfromero

I do see GTPP message the problem is that wireshark is not decoding it

(13 Apr '15, 15:00) alfromero

Try the development version some changes has been made to handle more versions of the cdrs

(13 Apr '15, 23:03) Anders ♦

Same thing on the the development version I am not able to decode gtp prime (cdr)

(14 Apr '15, 07:35) alfromero

I'm not sure we are on the sam page, do you get the messages as GTP'? Something like: 1 0.000000000 10.211.149.9 10.211.176.202 GTP 540 Data record transfer request I have them on UDP port 3386.

If you get this far what is your output for Data record Format Wireshark only handles Data record format: 1 Basic Encoding Rules (BER) It may also be an issue with the version the one I'm looking at says Data record format version: AppId 1 Rel 9.5.0 What does yours say?

(14 Apr '15, 10:30) Anders ♦

Mine says Data record format: 1 Basic Encoding Rules (BER) Data record format version: AppId 1 Rel 4.5.0 0001 .... = Application Identifier: 1 .... 0100 = Release Identifier: 4 Version Identifier: 6

(14 Apr '15, 12:21) alfromero

The top of trunk GTP code is: if(format==1) { if(rel_id <= 6){ dissect_gprscdr_GPRSCallEventRecord_PDU(next_tvb, pinfo, cdr_dr_tree, NULL); }else if(rel_id >6){ dissect_gprscdr_GPRSRecord_PDU(next_tvb, pinfo, cdr_dr_tree, NULL); } } So the development version should try to dissect the CDR but all record types are not currently supported. If you could open a bug report and include a sample frame I could have a look at it to see if it's possible to implement. You can mark the BUG as private limiting the access to Wireshark core devekopers.

(15 Apr '15, 03:49) Anders ♦

showing 5 of 8 show 3 more comments