Ask Your Question

Undissecting tcp2123/tcp2152 currently dissected as GTP

asked 2021-05-06 17:07:10 +0000

dandreye gravatar image

updated 2021-05-06 17:10:59 +0000

Hi All, can I somehow "undissect" tcp2123/tcp2152 that are currently dissected as GTP? When I click Decode As... , select the last entry in the table (with tcp2123 or tcp2152) and click "-" and save it I still get it dissected as GTP. Apparently entire tcp port space is allowed for use by K8s mgmt comms just 'cos it's Google - no need to check IANA that has them reserved (albeit never actually used) for GTP..... Thanks in advance!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2021-05-06 18:12:59 +0000

grahamb gravatar image

You can disable the GTP dissector. From the menu, Analyze -> Enabled Protocols -> enter gtp in the search field, uncheck the GTP dissector(s).

edit flag offensive delete link more


Well I need it for my genuine GTP traffic that the traffic in question is mixing up with :-)

dandreye gravatar imagedandreye ( 2021-05-06 18:18:27 +0000 )edit

Ahh, I misunderstood the question. You have traffic on the GTP port that isn't GTP and you don't want it shown. You'll have to filter out that traffic, hopefully it has a unique factor that allows identification. There's nothing in Wireshark that allows you to not dissect traffic using the dissector registered to the port being used by the traffic.

grahamb gravatar imagegrahamb ( 2021-05-06 21:40:34 +0000 )edit

@grahamb I see now: thank you (sorry my OP wasn't detailed enough). I'll have to use the IP addresses in it then.

dandreye gravatar imagedandreye ( 2021-05-06 21:43:21 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2021-05-06 17:07:10 +0000

Seen: 30 times

Last updated: May 06