
Diameter: Unknown Application Id upon decoding using tshark


I am trying to decode raw frames of a Diameter call using tshark, but all the fields (Command code, Application Id, AVPs) are labelled as 'Unknown'. This labelling is followed by the sentence 'if you know what this is you can add it to dictionary.xml'. Am I missing some options? How do I resolve this issue?


Solution

  • For sure, the protocol you're trying to decode (3GPP Cx) is part of Wireshark's off-the-shelf dictionary:

    jhartman@mbp wireshark-master % grep 16777216 -A 10 diameter/TGPP.xml
    <application id="16777216" name="3GPP Cx" uri="http://www.3gpp.org/DynaReport/29229.htm">
    
      <!-- IMS Cx Dx Application -->
      <command name="User-Authorization"    code="300" vendor-id="TGPP"/>
      <command name="Server-Assignment" code="301" vendor-id="TGPP"/>
      <command name="Location-Info"     code="302" vendor-id="TGPP"/>
      <command name="Multimedia-Auth"       code="303" vendor-id="TGPP"/>
      <command name="Registration-Termination" code="304" vendor-id="TGPP"/>
      <command name="Push-Profile"      code="305" vendor-id="TGPP"/>
    

    My suggestions:

    Decode As

    Finally: the screenshot does not have other details, perhaps you could share a few frames from your log to analyse.
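An added example, not part of the original answer: a check of whether the raw bytes really start on a Diameter header (RFC 6733 layout) and which Application Id and command code they carry, resolved against a fragment of the dictionary lines quoted above. The sample bytes and all function names are constructed for illustration.

```python
import struct
import xml.etree.ElementTree as ET

# Constructed fragment, trimmed from the TGPP.xml lines quoted in the answer.
DICT_XML = """<application id="16777216" name="3GPP Cx">
  <command name="User-Authorization" code="300" vendor-id="TGPP"/>
  <command name="Server-Assignment" code="301" vendor-id="TGPP"/>
  <command name="Location-Info" code="302" vendor-id="TGPP"/>
  <command name="Multimedia-Auth" code="303" vendor-id="TGPP"/>
</application>"""

# Constructed sample header: version 1, length 20, flags R+P, code 300,
# Application Id 16777216, hop-by-hop 1, end-to-end 2.
SAMPLE = bytes.fromhex("01000014 c000012c 01000000 00000001 00000002")

def load_dictionary(xml_text):
    """Map application id -> (application name, {command code: name})."""
    app = ET.fromstring(xml_text)
    cmds = {int(c.get("code")): c.get("name") for c in app.iter("command")}
    return {int(app.get("id")): (app.get("name"), cmds)}

def parse_header(raw):
    """Parse the fixed 20-byte Diameter header and sanity-check it."""
    if len(raw) < 20:
        raise ValueError("shorter than a Diameter header")
    ver_len, flags_code, app_id, _hbh, _e2e = struct.unpack("!IIIII", raw[:20])
    version, length = ver_len >> 24, ver_len & 0xFFFFFF
    flags, code = flags_code >> 24, flags_code & 0xFFFFFF
    # Version must be 1; length covers the header and is a multiple of 4.
    if version != 1 or length < 20 or length % 4:
        raise ValueError("bytes do not start on a Diameter message")
    return {"length": length, "request": bool(flags & 0x80),
            "code": code, "app_id": app_id}

def describe(raw, dictionary):
    """Resolve application and command names the way a dictionary lookup would."""
    h = parse_header(raw)
    app_name, cmds = dictionary.get(h["app_id"], ("Unknown", {}))
    cmd = cmds.get(h["code"])
    if cmd is None:
        return f"{app_name} / Unknown"
    return f"{app_name} / {cmd}-{'Request' if h['request'] else 'Answer'}"

DICTIONARY = load_dictionary(DICT_XML)

if __name__ == "__main__":
    print(describe(SAMPLE, DICTIONARY))
```

If the header parses and resolves here while tshark still prints 'Unknown', the dictionary tshark loads is the thing to check; a `ValueError` points instead at how the raw frames are being handed to the decoder.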