adebeer_FTNT
Staff
Article Id 336762
Description This article describes how to perform a sniffer trace for specific FTEIDs in GTP traffic.
Scope FortiCarrier GTP.
Solution

 

It is sometimes necessary to perform a sniffer trace for packets from a specific TEID. If the TEID is not known, filter the tunnel list with the IMSI to find it.

 

  1. Filter the GTP tunnel list on the IMSI (for example, 262017646140803) and list the matching tunnels:

 

diagnose firewall gtp tunnel filter imsi 262017646140803
diagnose firewall gtp tunnel list

-----------prof=DRP_26201_GTP_inbound ref=6 imsi=262017646140803 msisdn=4915176961500 mei=86026405.410385.42 ms_addr=10.210.150.58 s11_s4 0-----------
-----------index=f0046e62 life=70728(sec) idle=70728(sec) vd=3 ver=2-----------
c_pkt=2 c_bytes=541 u_pkt=0 u_bytes=0
rat type: eutran
downlink cfteid:
addr=213.162.75.100 teid=0x01b964cf role=control vd=3 intf_type=s5/s8 sgw gtp-c
uplink cfteid:
addr=62.153.137.163 teid=0x0206e09f role=control vd=3 intf_type=s5/s8 pgw gtp-c
1/1 bearers:
id=5 linked_id=0 type=regular dead=0 apn=internet.m2mportal.de.mnc001.mcc262.gprs selection=ms-or-net-provided-apn apn_restriction=all user_addr=10.210.150.58 u_pkt=0 u_bytes=0
2 fteids:
addr=213.162.75.100 teid=0x01b964cf role=data vd=3 intf_type=s5/s8 sgw gtp-u
addr=62.153.137.163 teid=0x0204e09f role=data vd=3 intf_type=s5/s8 pgw gtp-u

 

  2. Create the filter to use with the sniffer from the TEIDs listed under fteids:

diag sniff packet any 'udp[12:4]=0x01b964cf or udp[12:4]=0x0204e09f' 6 0 l
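
The following Python helper is an added example, not part of the original article or Fortinet tooling. It builds the sniffer command from saved tunnel list output and checks, against a constructed GTP-U packet, that udp[12:4] lands on the TEID field. The function names and the sample packet are assumptions made for illustration.

```python
import re
import struct

# Lines copied from the tunnel list output in this article (abridged).
TUNNEL_LIST = """\
downlink cfteid:
addr=213.162.75.100 teid=0x01b964cf role=control vd=3 intf_type=s5/s8 sgw gtp-c
uplink cfteid:
addr=62.153.137.163 teid=0x0206e09f role=control vd=3 intf_type=s5/s8 pgw gtp-c
2 fteids:
addr=213.162.75.100 teid=0x01b964cf role=data vd=3 intf_type=s5/s8 sgw gtp-u
addr=62.153.137.163 teid=0x0204e09f role=data vd=3 intf_type=s5/s8 pgw gtp-u
"""

FTEID_RE = re.compile(r"addr=\S+\s+teid=(0x[0-9a-fA-F]{1,8})\s+role=(\w+)")


def extract_teids(text, role="data"):
    """Unique TEIDs for one role ('data', 'control') or all roles (None), in order."""
    teids = []
    for teid, found_role in FTEID_RE.findall(text):
        norm = f"0x{int(teid, 16):08x}"  # normalise to 8 hex digits
        if role in (None, found_role) and norm not in teids:
            teids.append(norm)
    return teids


def sniffer_command(text, role="data"):
    """Build the sniffer command in the same form the article uses."""
    teids = extract_teids(text, role)
    if not teids:
        raise ValueError(f"no TEIDs with role={role!r} in tunnel list")
    # udp[12:4] = 8-byte UDP header + flags(1) + type(1) + length(2) -> TEID field
    expr = " or ".join(f"udp[12:4]={t}" for t in teids)
    return f"diag sniff packet any '{expr}' 6 0 l"


def teid_at_filter_offset(udp_datagram):
    """Read the 4 bytes that udp[12:4] compares, as a hex string."""
    return f"0x{struct.unpack_from('!I', udp_datagram, 12)[0]:08x}"


# Constructed GTPv1-U G-PDU: UDP header (port 2152), GTP header, 4 payload bytes.
GTP_U = (struct.pack("!HHHH", 2152, 2152, 20, 0)
         + struct.pack("!BBHI", 0x30, 0xFF, 4, 0x0204E09F)
         + b"\x00" * 4)

if __name__ == "__main__":
    print(sniffer_command(TUNNEL_LIST))
    print(teid_at_filter_offset(GTP_U))
```

In this output the uplink control TEID (0x0206e09f) differs from the PGW data TEID (0x0204e09f), so pass role="control" to build a filter for the GTP-C side of the same tunnel.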