Diameter: Unknown Application Id upon decoding using tshark
I am trying to decode raw frames of a diameter call using tshark, all the fields: Command code, Application Id, AVPs are labelled as 'Unknown'. This labelling is followed by a sentence 'if you know what this is you can add it to dictionay.xml'. Am I missing some options? How to resolve this issue?enter image description here
Solution
For sure, the protocol you're trying to decode (3GPP Cx) is part of Wireshark off-the-shelf dictionary:
jhartman@mbp wireshark-master % grep 16777216 -A 10 diameter/TGPP.xml
<application id="16777216" name="3GPP Cx" uri="http://www.3gpp.org/DynaReport/29229.htm">
<!-- IMS Cx Dx Application -->
<command name="User-Authorization" code="300" vendor-id="TGPP"/>
<command name="Server-Assignment" code="301" vendor-id="TGPP"/>
<command name="Location-Info" code="302" vendor-id="TGPP"/>
<command name="Multimedia-Auth" code="303" vendor-id="TGPP"/>
<command name="Registration-Termination" code="304" vendor-id="TGPP"/>
<command name="Push-Profile" code="305" vendor-id="TGPP"/>
My suggestions:
- Download latest version of Wireshark
- Ensure Wireshark interprets the log as Diameter: Select a frame and choose "Decode As" from contextual menu. Then select "Diameter"
Finally: the screenshot does not have other details, perhaps you could share a few frames from your log to analyse.
- Wireshark - Unused Setup Header
- Wireshark: Filter by Multicast in GUI
- Capturing mobile phone traffic on Wireshark
- Filter by process/PID in Wireshark
- whatsapp sniffing ssl traffic with wireshark
- Why Wireshark display filter does not show http packets?
- Purebasic Windows TCP filter specific package easiest way?
- Lua conditional evaluation of new language operators
- Comma separated IP addresses in TShark output
- Error "cannot open display" when starting wireshark on Ubuntu command line
- Replay IHeartRadio station URL in Python
- Scapy fails to send ipv6 packets
- Capturing Network Router Traffic with Wireshark
- text2pcap is not detecting the below format
- Wireshark HTTP2 Prior Knowledge HTTP Request not showing
- wireshark - pcap timestamp date format
- Writing a protocol dissector with Lua does not autocomplete the Proto class
- How to access a previously extracted field in a chained Lua dissector?
- How to force Wireshark's all_field_infos() function gather all the fields?
- How to test which version of TLS my .NET client is using?
- How can i export file from wireshark to display not in hex format
- Strange base64 python decoding
- Merging/appending multiple pcap files to an existing one without overwriting
- Converting pcap format from LINKTYPE_LINUX_SSL to LINKTYPE_ETHERNET
- Jitter values for TCP Streams in Wireshark?
- Facing Issue while writing data to a pcap file using C language
- Azure functions read, process and save file on arrival in blob
- swinging of RTSP streams bandwidth?
- mitmproxy: SSL keys not decrypting in Wireshark
- Extracting TCP data with Scapy