GTP Event Packet Capture

Get a packet capture of a single GTP event, such as GTP-in-GTP, end user IP spoofing, or abnormal GTP messages, to help troubleshoot GTP.
Mobile networks have a high volume of GTP traffic and if you need to troubleshoot GTP, it is easier to examine a packet capture of a single GTP event than it is to examine a device-level packet capture of many megabytes. You can now capture a single GTP packet that triggered an erroneous GTP event. A GTP packet capture includes the following events:
  • GTP-in-GTP
  • End-user IP address spoofing
  • Abnormal GTPv1-C, GTPv2-C, and GTP-U messages that have a missing mandatory Information Element (IE), invalid IE, out-of-order IE, invalid header, or unsupported message type
  • Other abnormal GTPv1-C, GTPv2-C, and GTP-U messages
  1. Enable packet capture in a GTP Protection profile.
    gtp_packet_capture.png
  2. Apply the GTP Protection profile to a Security policy rule that applies to the zone you are protecting.
  3. Commit
    your changes.
  4. If the Application Command Center (ACC) on your firewall indicates a GTP problem that you want to troubleshoot, select
    Monitor
    Logs
    GTP
    and look for the GTP packet capture icon ( gtp_pcap_icon.png ) at the beginning of rows that capture troublesome GTP packets. View the GTP Event Type (such as GTP-in-GTP), the international mobile subscriber identity (IMSI), source and destination IP address of the packet, and other information.
    gtp_pcap.png
  5. If you want to verify the event, download ( gtp_pcap_icon.png ) a packet capture file.
    gtp_pcap_download.png
  6. Export
    the file to readable format and verify that the details support the GTP event type.

Recommended For You