[Snort-users] Snort and GTP encapsulation info
Ana Serrano Mamolar
B00315494 at ...17757...
Wed Feb 8 14:54:16 EST 2017
Again with an encapsulation question.
I am trying to understand how Snort manage GTP encapsulation, that I know that is supported. I already enable gtp in my config file by " config enable_gtp".
I run Snort with different pcaps that I have that include GTP and trying to see which info I obtained from Snort with a very silly rule to be sure that is triggerred.
My question is the following: Does somebody know where in the database is stored the TEID ( tunnel identifier ) of the packet that triggered the alert? . I have seen in Snort source code that it's parsed. But then I can not find it in the database.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users