I am trying to decode raw frames of a diameter call using tshark, all the fields: Command code, Application Id, AVPs are labelled as 'Unknown'. This labelling is followed by a sentence 'if you know what this is you can add it to dictionay.xml'. Am I missing some options? How to resolve this issue?enter image description here
For sure, the protocol you're trying to decode (3GPP Cx) is part of Wireshark off-the-shelf dictionary:
jhartman@mbp wireshark-master % grep 16777216 -A 10 diameter/TGPP.xml
<application id="16777216" name="3GPP Cx" uri="http://www.3gpp.org/DynaReport/29229.htm">
<!-- IMS Cx Dx Application -->
<command name="User-Authorization" code="300" vendor-id="TGPP"/>
<command name="Server-Assignment" code="301" vendor-id="TGPP"/>
<command name="Location-Info" code="302" vendor-id="TGPP"/>
<command name="Multimedia-Auth" code="303" vendor-id="TGPP"/>
<command name="Registration-Termination" code="304" vendor-id="TGPP"/>
<command name="Push-Profile" code="305" vendor-id="TGPP"/>
My suggestions:
Finally: the screenshot does not have other details, perhaps you could share a few frames from your log to analyse.