The GTP Preprocessor
Note | This section applies to Snort 2 preprocessors. For information on Snort 3 inspectors, see https://www.cisco.com/go/snort3-inspectors. |
The General Service Packet Radio (GPRS) Tunneling Protocol (GTP)
provides communication over a GTP core network. The GTP preprocessor detects
anomalies in GTP traffic and forwards command channel signaling messages to the
rules engine for inspection. You can use the
gtp_version,
gtp_type, and
gtp_info rule
keywords to inspect GTP command channel traffic for exploits.
A single configuration option allows you to modify the default setting for the ports that the preprocessor inspects for GTP command channel messages.