Ask Your Question
0

Diameter: Unknown Application Id upon decoding using tshark

asked 2021-10-04 13:06:26 +0000

I am trying to decode raw frames of a diameter call using tshark, all the fields: Command code, Application Id, AVPs are labelled as 'Unknown'. This labelling is followed by a sentence 'if you know what this is you can add it to dictionay.xml'. Am I missing some options? How to resolve this issue?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-10-04 13:27:18 +0000

Jaap gravatar image

It means that Wireshark hasn't the information available to translate these numbers into something meaningful.

If you have this in an XML file, you could add them to the dictionary.xml, as stated, to aid in their dissection.

If you don't have them you may want to try the development version of Wireshark (3.5.0) to see if these are included in the mean time.

Not sure what you mean by 'raw frames', but maybe you could explain that in a comment.

edit flag offensive delete link more

Comments

Thank you Jaap Keuter, the values of Application Id, AVPs are present in the Dictionay.xml. For a yum installation of wireshark, this issue is not seen. While building it locally this occurs. Any idea why this might be happening?

snagrath gravatar imagesnagrath ( 2021-10-08 03:21:52 +0000 )edit

For some reason the locally built Wireshark isn't able to find the dictionary. You can look in the About dialog, in the Folders tab, to see where it looks for it.

Jaap gravatar imageJaap ( 2021-10-08 05:27:24 +0000 )edit

Could you please clarify, which About dialog and Folders tab are you referring to?

snagrath gravatar imagesnagrath ( 2021-10-08 06:42:50 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-10-04 13:06:26 +0000

Seen: 250 times

Last updated: Oct 04 '21