This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

GTPV2 Filter not showing new inclusion IEs after release 1.12.8

Hi, I installed Wireshark version 2.2.4 on CentOS 6, but I am not able to view the GTPv2 IEs newly included after Wireshark release 1.12.8 in the filter box. Is it a display problem, or are those IEs not registered? Currently I don't have pcap files with those IEs.

asked 06 Jul '17, 01:40

Abhisek

I'm not sure what you are asking. Are you saying that if you list all filters in GTPv2 in Wireshark release 1.12.8 and compare with the list in 2.2.4 you get no difference? If you are looking for specific filters, please give an example. Possibly the inclusion you are seeking didn't make 2.2.0; no new functionality is added to the branches after release.

(06 Jul '17, 01:57) Anders ♦

The problem is: some IEs are shown GREEN in the filter box, whereas some IEs are shown RED in the filter box. ASSUMPTION: in the filter box, the IE gtpv2.authentication_quadruplets (introduced after rel-1.12.8) is searched for and it's shown RED, not GREEN, whereas gtpv2.daf (introduced in rel 1.12.8) is shown GREEN. But after a close code walk-through of packet-gtpv2.c, I find that in hf_register_info, one half of the IEs are shown properly (GREEN) in the filter box, whereas the next half is not shown (RED) in the filter box. So the first assumption is wrong. Now the question: "IS THERE ANY LIMITATION ON ADDING in hf_register_info"?

(06 Jul '17, 03:27) Abhisek

One Answer:

gtpv2.authentication_quadruplets is shown green for me when running 2.2.4. Given that it was introduced for 2.0.0, you are probably running a Wireshark version older than that (1.12.8?). Please double check the version displayed in Help -> About Wireshark.

answered 06 Jul '17, 05:10

Pascal Quantin

No, for me the same RED is shown... But after a code walk-through I got one workaround: the hf_register_info array is somehow not loading all registered IEs in the filter box. If I copy some IEs from the next half to the first half, then those IEs are shown GREEN in the filter box. BUT THE CAUSE OF THE PROBLEM IS STILL UNKNOWN. P.S.: I have added some new IEs as well... some of them are shown GREEN in the filter box, whereas some are RED.

(10 Jul '17, 02:01) Abhisek

So it looks like you are modifying Wireshark source code. Does it happen with the official Wireshark 2.2.4 version without any modification? As far as I know you are the first one reporting this issue and using a freshly compiled Wireshark 2.2.4 on Fedora I cannot reproduce your issue. So it could be related to your changes.

(10 Jul '17, 06:04) Pascal Quantin