Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

GPRS Tunnelling Protocol Analytics MEMO

919 views

Published on

GPRS Tunnelling Protocol Analytics MEMO

08-Dec-2015
SAKURA Internet Research Center. 
Senior Researcher / Naoto MATSUMOTO

Published in: Technology

GPRS Tunnelling Protocol Analytics MEMO

  1. 1. 08-Dec-2015 SAKURA Internet Research Center. Senior Researcher / Naoto MATSUMOTO
  2. 2. GTP Connection Analysis 1/7 1) GTP : Echo request User Datagram Protocol, Src Port: 2123 (2123), Dst Port: 2123 (2123) GPRS Tunneling Protocol Flags: 0x32 001. .... = Version: GTP release 99 version (1) ...1 .... = Protocol type: GTP (1) .... 0... = Reserved: 0 .... .0.. = Is Next Extension Header present?: No .... ..1. = Is Sequence Number present?: Yes .... ...0 = Is N-PDU number present?: No Message Type: Echo request (0x01) Length: 4 TEID: 0x00000000 SOURCE: SAKURA Internet Research Center. 12/2015 NAT444 GGSN SGSN GTP INTERNET
  3. 3. GTP Connection Analysis 2/7 2) GTP : Create PDP context request User Datagram Protocol, Src Port: 2123 (2123), Dst Port: 2123 (2123) GPRS Tunneling Protocol Flags: 0x32 001. .... = Version: GTP release 99 version (1) ...1 .... = Protocol type: GTP (1) .... 0... = Reserved: 0 .... .0.. = Is Next Extension Header present?: No .... ..1. = Is Sequence Number present?: Yes .... ...0 = Is N-PDU number present?: No Message Type: Create PDP context request (0x10) Length: 104 TEID: 0x00000000 Sequence number: 0x1401 IMSI: 240010123456789 Recovery: 5 .... ..01 = Selection mode: MS provided APN, subscription not verified (1) TEID Data I: 0x00000001 TEID Control Plane: 0x00000001 NSAPI: 0 Charging characteristics: 2048 End user address (IETF/IPv4) Access Point Name: test-apn Protocol configuration options GSN address : 10.0.0.50 GSN address : 10.0.0.50 MS international PSTN/ISDN number Quality of Service SOURCE: SAKURA Internet Research Center. 12/2015 NAT444 GGSN SGSN GTP INTERNET
  4. 4. GTP Connection Analysis 3/7 3) GTP : Echo response User Datagram Protocol, Src Port: 2123 (2123), Dst Port: 2123 (2123) GPRS Tunneling Protocol Flags: 0x32 001. .... = Version: GTP release 99 version (1) ...1 .... = Protocol type: GTP (1) .... 0... = Reserved: 0 .... .0.. = Is Next Extension Header present?: No .... ..1. = Is Sequence Number present?: Yes .... ...0 = Is N-PDU number present?: No Message Type: Echo response (0x02) Length: 6 TEID: 0x00000000 Sequence number: 0x1400 Recovery: 9 SOURCE: SAKURA Internet Research Center. 12/2015 NAT444 GGSN SGSN GTP INTERNET
  5. 5. GTP Connection Analysis 4/7 4) GTP : Create PDP context response Echo response User Datagram Protocol, Src Port: 2123 (2123), Dst Port: 2123 (2123) GPRS Tunneling Protocol Flags: 0x32 001. .... = Version: GTP release 99 version (1) ...1 .... = Protocol type: GTP (1) .... 0... = Reserved: 0 .... .0.. = Is Next Extension Header present?: No .... ..1. = Is Sequence Number present?: Yes .... ...0 = Is N-PDU number present?: No Message Type: Create PDP context response (0x11) Length: 78 TEID: 0x00000001 Sequence number: 0x1401 Cause: Request accepted (128) Reordering required: False Recovery: 9 TEID Data I: 0x00000001 TEID Control Plane: 0x00000001 Charging ID: 0x00000001 End user address (IETF/IPv4) : 192.168.0.2 Protocol configuration options GSN address : 10.0.0.1 GSN address : 10.0.0.1 Quality of Service SOURCE: SAKURA Internet Research Center. 12/2015 NAT444 GGSN SGSN GTP INTERNET
  6. 6. GTP Connection Analysis 5/7 5) GTP : T-PDU <ICMP> 138 Echo (ping) request User Datagram Protocol, Src Port: 2152 (2152), Dst Port: 2152 (2152) GPRS Tunneling Protocol Flags: 0x32 001. .... = Version: GTP release 99 version (1) ...1 .... = Protocol type: GTP (1) .... 0... = Reserved: 0 .... .0.. = Is Next Extension Header present?: No .... ..1. = Is Sequence Number present?: Yes .... ...0 = Is N-PDU number present?: No Message Type: T-PDU (0xff) Length: 88 TEID: 0x00000001 Sequence number: 0x0000 T-PDU Data 80 bytes Internet Protocol Version 4, Src: 192.168.0.2 (192.168.0.2), Dst: 192.168.11.43 (192.168.11.43) Internet Control Message Protocol SOURCE: SAKURA Internet Research Center. 12/2015 NAT444 GGSN SGSN T-PDU GTP INTERNET
  7. 7. GTP Connection Analysis 6/7 6) GTP : T-PDU <ICMP> 138 Echo (ping) reply User Datagram Protocol, Src Port: 2152 (2152), Dst Port: 2152 (2152) GPRS Tunneling Protocol Flags: 0x32 001. .... = Version: GTP release 99 version (1) ...1 .... = Protocol type: GTP (1) .... 0... = Reserved: 0 .... .0.. = Is Next Extension Header present?: No .... ..1. = Is Sequence Number present?: Yes .... ...0 = Is N-PDU number present?: No Message Type: T-PDU (0xff) Length: 88 TEID: 0x00000001 Sequence number: 0x0000 T-PDU Data 80 bytes Internet Protocol Version 4, Src: 192.168.11.43 (192.168.11.43), Dst: 192.168.0.2 (192.168.0.2) Internet Control Message Protocol SOURCE: SAKURA Internet Research Center. 12/2015 NAT444 GGSN SGSN T-PDU GTP INTERNET
  8. 8. GTP Connection Analysis 7/7 7) GTP : Delete PDP context request / response User Datagram Protocol, Src Port: 2123 (2123), Dst Port: 2123 (2123) GPRS Tunneling Protocol Flags: 0x32 001. .... = Version: GTP release 99 version (1) ...1 .... = Protocol type: GTP (1) .... 0... = Reserved: 0 .... .0.. = Is Next Extension Header present?: No .... ..1. = Is Sequence Number present?: Yes .... ...0 = Is N-PDU number present?: No Message Type: Delete PDP context request (0x14) Length: 8 TEID: 0x00000001 Sequence number: 0x1402 : GPRS Tunneling Protocol Flags: 0x32 001. .... = Version: GTP release 99 version (1) ...1 .... = Protocol type: GTP (1) .... 0... = Reserved: 0 .... .0.. = Is Next Extension Header present?: No .... ..1. = Is Sequence Number present?: Yes .... ...0 = Is N-PDU number present?: No Message Type: Delete PDP context response (0x15) Length: 6 TEID: 0x00000001 Sequence number: 0x1402 Cause: Request accepted (128) SOURCE: SAKURA Internet Research Center. 12/2015 NAT444 GGSN SGSN GTP INTERNET

×