Camel protocol Dissection

asked 2025-05-12 00:31:13 +0000

claudio_ract gravatar image

Hello, I need to extract requests from the camel protocol, just like I do today with Diameter, so that they are not encapsulated.

In Diameter, I run the command below:

/usr/bin/tshark -i any -d tcp.port==31009,diameter -d tcp.port==31010,diameter -d tcp.port==31112,diameter -d tcp.port==31113,diameter \ 
-d sctp.port==31009,diameter -d sctp.port==31010,diameter -d sctp.port==31112,diameter -d sctp.port==31113,diameter\ 
-d tcp.port==3868,diameter -d tcp.port==3869,diameter -d tcp.port==3870,diameter\ 
-d sctp.port==3868,diameter -d sctp.port==3869,diameter -d sctp.port==3870,diameter\ 
-z diameter,avp,275,Auth-Application-Id,CC-Request-Type,Session-Id,CC-Request-Number,Subscription-Id-Data,Origin-Host,Destination-Realm,\
RAT-Type,APN-Aggregate-Max-Bitrate-UL,APN-Aggregate-Max-Bitrate-DL,3GPP-SGSN-MCC-MNC,Result-Code,Charging-Rule-Base-Name,3GPP-Reporting-Reason,\
Termination-Cause,Route-Record,Event-Trigger,QoS-Class-Identifier,AF-Charging-Identifier,Charging-Rule-Name,Rule-Failure-Code,Specific-Action,\
Media-Type,framed_ipv6_prefix_ipv6,Experimental-Result\ 
-r file_name.pcap

I can't do it on Camel. When I run the command below, it doesn't extract the detailed information like it does on Diameter.

claro@taishan1:/bkp/bkp_claudio$ /usr/bin/tshark -i any -nnn -o "sccp.default_payload: tcap" -z gsm_map,operation -r amecap01_11052025-203401.pcap | head 
1 0.000000 10.107.37.5 → 10.160.15.134 SCTP 64 SACK (Ack=797457, Arwnd=15728640) 
2 0.003926 10.129.13.27 → 10.107.37.5 SCTP 64 SACK (Ack=2338195772, Arwnd=204800) 
3 0.004530 16379 → 4042 Camel-v2 320 invoke requestReportBCSMEvent invoke connect 
4 0.008961 6122 → 16379 Camel-v3 280 invoke initialDPSMS 
5 0.010356 9224 → 16379 Camel-v3 272 invoke initialDPSMS 
6 0.010814 10.192.15.140 → 10.107.37.5 M3UA (RFC 4666) 88 DAVA 
7 0.022105 9227 → 16379 Camel 160 invoke eventReportSMS 
8 0.036311 16379 → 6122 Camel-v3 248 SACK (Ack=12038294, Arwnd=15728640) invoke requestReportSMSEvent invoke connectSMS 
9 0.039042 10.141.15.233 → 10.107.37.68 SCTP 72 HEARTBEAT 
10 0.039083 10.107.37.68 → 10.141.15.233 SCTP 72 HEARTBEAT_ACK
edit retag flag offensive close merge delete
add a comment