0

How the GTP-u content being dissected by Wireshark?

Is the content inside GTP-U also encrypted if i don't have the ipsec over it?

I have some G711 PCMU content with GTP tunneling as shown by Wireshark but i am seeing there are two packets with the same content everywhere but the IPs are different.

I am not able to understand how this has been dis-sected and is the content really encrypted or not as in generally the frame size of the PCMU content is 160 bytes without RTP header but here i am seeing only 32 bytes without header.

Anyone has any idea on this GTP-U content or can provide me some documents or resource to understand the same?

Thanks Nitin

NitinG
  • 893
  • 3
  • 21
  • 38

1 Answers1

0

GTP-U does not specify encryption for the payload; it is encapsulated as-is.

To read about GTP, see 3GPP TS 29.060.

Michael Foukarakis
  • 39,737
  • 6
  • 87
  • 123
  • Ok, so for encryption we need to use the IPsec over GTP right? But the content encapsulated in the GTP seems to be coming twice and does nt seems to be inline with the general PCMU content. – NitinG Apr 17 '12 at 11:43
  • I can't say I know what would cause that; it may depend on where you're doing the capture. – Michael Foukarakis Apr 17 '12 at 13:06