and look for the GTP packet
capture icon (
) at the beginning
of rows that capture troublesome GTP packets. In those rows you’ll
see the GTP Event Type (such as GTP-in-GTP), the international mobile
subscriber identity (IMSI), source and destination IP address of
the packet, and other information.
If you want more details to verify the event, click the download
) to download
a packet capture file.
the file to readable format
and verify that the details support the GTP event type.
In this packet capture example, the packet has two headers
GPRS Tunneling Protocol
; a GTP
header inside another GTP header verifies that the GTP-in-GTP event
is not a false positive; it’s identified as a GTP-in-GTP attack.