Ask Your Question
0

Can Wireshark decode DIAMETER packets without the IP or transport layer?

asked 2019-04-17 16:17:30 +0000

srikanth gravatar image

updated 2019-04-17 16:56:20 +0000

Guy Harris gravatar image

I wonder if Wireshark can decode the diameter packet without the Transport and IP Layer.

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
1

answered 2019-04-17 21:02:25 +0000

Anders gravatar image

Wireshark reads various file types like pcap. If you create a pcap file with a user dlt and the rest diameter packet data wireshark can dissect that. If you have diameter packet data in a hex dump txt2pcap can convert that to a pcap file readable by wireshark. The exported pdu format could also be used.

edit flag offensive delete link more
add a comment
0

answered 2019-04-17 20:39:03 +0000

Ross Jacobs gravatar image

Per Wireshark's DIAMETER documentation, a port and TCP/STCP will be used. Thus Wireshark will be expecting the transport layer (and by extension, the underlying network layer).

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2019-04-17 16:17:30 +0000

Seen: 2,251 times

Last updated: Apr 17 '19