Now let's consider what happens when you apply the next filter, (udp.srcport > 48776) and (udp.srcport < 48778): Wireshark determines that the second UDP source port of 59008 satisfies the first constraint and the first UDP source port of 2152 satisfies the second constraint, so this frame is determined to match the filter and is displayed. Since neither the first UDP source port occurrence of 2152 nor the second UDP source port occurrence of 59008 matches that filter, this frame is not displayed.
When you apply a display filter of udp.srcport = 48777, Wireshark is looking for an exact match on any UDP source port field matching that filter. User Datagram Protocol, Src Port: gtp-user (2152), Dst Port: gtp-user (2152) The problem here is that you have 2 UDP headers, and thus 2 UDP source ports to consider. The other one is for GTP-C and I don't really care about it. UDP inside GTP is GTP-U and this is the one I am looking into.
Thanks the question is, how to just filter the UDP header inside GTP and disregard the port of UDP header beyond GTP? Thus there are two source ports to be considered while filtered. The problem is there are two UDP headers in the capture. I am trying to filter the traffic by udp port and find out that range filter is not working.įilter 2: (udp.port > 48776) and (udp.port 48776) and (udp.srcport < 48778)
0 kommentar(er)
