Ask Your Question
0

Can Wireshark decode DIAMETER packets without the IP or transport layer?

asked 2019-04-17 16:17:30 +0000

updated 2019-04-17 16:56:20 +0000

Guy Harris gravatar image

I wonder if Wireshark can decode the diameter packet without the Transport and IP Layer.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
1

answered 2019-04-17 21:02:25 +0000

Anders gravatar image

Wireshark reads various file types like pcap. If you create a pcap file with a user dlt and the rest diameter packet data wireshark can dissect that. If you have diameter packet data in a hex dump txt2pcap can convert that to a pcap file readable by wireshark. The exported pdu format could also be used.

edit flag offensive delete link more
0

answered 2019-04-17 20:39:03 +0000

Ross Jacobs gravatar image

Per Wireshark's DIAMETER documentation, a port and TCP/STCP will be used. Thus Wireshark will be expecting the transport layer (and by extension, the underlying network layer).

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2019-04-17 16:17:30 +0000

Seen: 99 times

Last updated: Apr 17