Shriya Nagrath
Reputation: 19
Diameter: Unknown Application Id upon decoding using tshark
I am trying to decode raw frames of a diameter call using tshark, all the fields: Command code, Application Id, AVPs are labelled as 'Unknown'. This labelling is followed by a sentence 'if you know what this is you can add it to dictionay.xml'. Am I missing some options? How to resolve this issue?enter image description here
Upvotes: 0
Views: 1127
Answers (1)
Jarek
Reputation: 938
For sure, the protocol you're trying to decode (3GPP Cx) is part of Wireshark off-the-shelf dictionary:
jhartman@mbp wireshark-master % grep 16777216 -A 10 diameter/TGPP.xml
<application id="16777216" name="3GPP Cx" uri="http://www.3gpp.org/DynaReport/29229.htm">
<!-- IMS Cx Dx Application -->
<command name="User-Authorization" code="300" vendor-id="TGPP"/>
<command name="Server-Assignment" code="301" vendor-id="TGPP"/>
<command name="Location-Info" code="302" vendor-id="TGPP"/>
<command name="Multimedia-Auth" code="303" vendor-id="TGPP"/>
<command name="Registration-Termination" code="304" vendor-id="TGPP"/>
<command name="Push-Profile" code="305" vendor-id="TGPP"/>
My suggestions:
- Download latest version of Wireshark
- Ensure Wireshark interprets the log as Diameter: Select a frame and choose "Decode As" from contextual menu. Then select "Diameter"
Finally: the screenshot does not have other details, perhaps you could share a few frames from your log to analyse.
Upvotes: 0
Related Questions
- Pyshark - tshark can't use user plugin in 'decode_as'
- pyshark.tshark.tshark.TSharkNotFoundException: TShark not found
- tshark - only output application layer decode
- Bogus TCP Header Length When Examining Packets in Tshark
- Tshark filter protocol FIX
- Wireshark filter syntax needed
- How to configure and start diameter client and server for diameter credit control application using freediameter
- tshark - help finding tshark 1.6.7 field names
- Resolving protocol names in custom tshark display filter
- building tshark