Wireshark mailing list archives
Parsing Diameter Parameters AVP
From: "Herzl Shmuelian" <hshemuelian () sandvine com>
Date: Sun, 14 Feb 2010 11:50:28 -0500
I'm trying to parse the data from a group of Diameter packets. I enter the command:

    tshark -r mypackets.cap -T fields -e frame.number -e ip.src -e diameter.hopbyhopid -e diameter.avp | head

It returns the output:

    Running as user "root" and group "root". This could be dangerous.
    1 172.16.1.116 0x308853a5 00:00:01:16:40:00:00:0c:4b:5c:56:59
    2 172.16.15.38 0x308853a5 00:00:01:16:40:00:00:0c:4b:5c:56:54
    3 172.16.1.116
    4 172.16.1.116 0x308853a6 00:00:01:16:40:00:00:0c:4b:5c:56:59
    5 172.16.15.38 0x308853a6 00:00:01:16:40:00:00:0c:4b:5c:56:54
    6 172.16.1.116
    7 172.16.1.116 0x308853a7 00:00:01:16:40:00:00:0c:4b:5c:56:59
    8 172.16.15.38 0x308853a7 00:00:01:16:40:00:00:0c:4b:5c:56:54
    9 172.16.1.116

For the frame.number and diameter.hopbyhopid fields, it gives the correct output in the desired format. For diameter.avp, it does not. The returned format is currently:

- in binary format.
- if I have multiple AVPs on a single packet, only the last AVP data is presented. For example, for packet number 1 there are 3 AVPs, but we receive data only for the last one.

I also add dictionary files, and when I use the -V option it then returns the AVP data correctly (shown below):

    AVP: Origin-Host(264) l=26 f=-M- val=sde38.sandvine.com
    AVP: Result-Code(268) l=12 f=-M- val=DIAMETER_SUCCESS (2001)
    AVP: Origin-Realm(296) l=20 f=-M- val=sandvine.com
    AVP: Origin-State-Id(278) l=12 f=-M- val=1264342612

Does anyone have any idea how I can receive all the AVP fields, and for them to be presented as text (not binary)?
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
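The colon-separated bytes in the diameter.avp column above are one raw AVP in the RFC 6733 layout (4-byte code, 1-byte flags, 3-byte length, optional Vendor-ID, padded data). The following is an added example, not part of the original post or of Wireshark: a bounds-checked Python decoder that turns such a value, or a buffer of several concatenated AVPs, into the text form shown in the -V output. The function names are hypothetical and the name table covers only the four AVP codes that appear in the post.

```python
import struct

# Constructed input: the two diameter.avp column values from the tshark output above.
SAMPLE_FIELDS = [
    "00:00:01:16:40:00:00:0c:4b:5c:56:59",
    "00:00:01:16:40:00:00:0c:4b:5c:56:54",
]

# Only the AVP codes named in the -V output above; not a full dictionary.
AVP_NAMES = {264: "Origin-Host", 268: "Result-Code",
             278: "Origin-State-Id", 296: "Origin-Realm"}
UNSIGNED32 = {268, 278}  # codes this sketch renders as integers


def parse_avps(buf):
    """Walk a buffer of concatenated Diameter AVPs (RFC 6733 section 4.1)."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header at offset %d" % off)
        code, flags_len = struct.unpack_from("!II", buf, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        hdr = 12 if flags & 0x80 else 8          # V bit adds a 4-byte Vendor-ID
        if length < hdr or off + length > len(buf):
            raise ValueError("bad AVP length %d at offset %d" % (length, off))
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if hdr == 12 else None
        data = buf[off + hdr:off + length]
        if code in UNSIGNED32 and vendor is None and len(data) == 4:
            value = struct.unpack("!I", data)[0]
        else:
            value = data.decode("utf-8", "replace")
        avps.append({"code": code, "name": AVP_NAMES.get(code, "AVP-%d" % code),
                     "flags": "".join(c if flags & b else "-"
                                      for c, b in (("V", 0x80), ("M", 0x40), ("P", 0x20))),
                     "length": length, "vendor": vendor, "value": value})
        off += (length + 3) & ~3                 # each AVP is padded to 4 bytes
    return avps


def parse_tshark_field(field):
    """Decode one colon-separated hex value as printed for -e diameter.avp."""
    return parse_avps(bytes.fromhex(field.replace(":", "")))


if __name__ == "__main__":
    for field in SAMPLE_FIELDS:
        for avp in parse_tshark_field(field):
            print("AVP: {name}({code}) l={length} f={flags} val={value}".format(**avp))
```

The second sample value decodes to Origin-State-Id(278) with value 1264342612, matching the -V line quoted in the post.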