Diameter 'Answer In'/'Request In' fields not available with tshark/pyshark
Hi All,
I am using pyshark (a Python wrapper for tshark) to analyse traffic capture files, and I ran into a problem around finding Diameter Common Messages request/answer pairs.
The Wireshark GUI helps identify the answer to a specific Diameter request packet with the field called Answer In. The Request In field helps the other way around. See the Wireshark Diameter Protocol Display Filter Reference, diameter.answer_in and diameter.answer_to field names.
Using the above information makes it easy to construct display filters in the Wireshark GUI for selecting specific request/answer pairs. Unfortunately, when using the tshark CLI on the same capture file, this field seems to be missing.
tshark -r d:/test.pcapng -Y diameter.answer_in # Works in Wireshark GUI, not in tshark
What do I need to use these field names for filtering capture files with tshark?
My tshark version is: TShark (Wireshark) 2.9.0 (v2.9.0-0-gf4238cd2)
Many thanks, Bence
2.9 is a development version, you should upgrade to the stable release 3.0 if you can.
I did have the 3.0 version, but had to downgrade because it broke something with pyshark. Can't recall what it was exactly, maybe it is fixed now in pyshark, will give it another try later. Thanks
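Added example, not part of the original thread: a way to pair Diameter requests and answers without the diameter.answer_in / diameter.answer_to fields, by matching on the Hop-by-Hop and End-to-End Identifiers from a tshark field export. The column layout, the constructed sample rows and the function names are assumptions made for this illustration.

```python
from collections import namedtuple

# Assumed export command (tab-separated, one row per frame):
#   tshark -r capture.pcapng -Y diameter -T fields -e frame.number \
#     -e diameter.flags.request -e diameter.hopbyhopid -e diameter.endtoendid
Pair = namedtuple("Pair", "request_frame answer_frame hop_by_hop end_to_end")

# Constructed sample rows (not taken from a real capture). Frame 4 carries two
# Diameter messages, which tshark emits as comma-separated values per column.
SAMPLE = "\n".join([
    "1\t1\t0x00000a01\t0x10000001",
    "2\t1\t0x00000a02\t0x10000002",
    "3\t0\t0x00000a01\t0x10000001",
    "4\t1,0\t0x00000a03,0x00000a02\t0x10000003,0x10000002",
    "5\t0\t0x00000bad\t0x1000dead",
])


def _is_request(flag):
    # Boolean fields are printed as 1/0 or True/False depending on the version.
    return flag.strip().lower() in ("1", "true")


def pair_messages(text):
    """Return (pairs, unanswered_request_frames, orphan_answer_frames)."""
    pending = {}              # (hop-by-hop, end-to-end) -> request frame number
    pairs, orphans = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        frame, flags, hbh, e2e = line.split("\t")
        # Walk every Diameter message carried in this frame.
        for flag, h, e in zip(flags.split(","), hbh.split(","), e2e.split(",")):
            key = (h, e)
            if _is_request(flag):
                pending[key] = int(frame)
            elif key in pending:
                pairs.append(Pair(pending.pop(key), int(frame), h, e))
            else:
                orphans.append(int(frame))   # answer with no request seen
    return pairs, sorted(pending.values()), orphans


if __name__ == "__main__":
    for item in pair_messages(SAMPLE):
        print(item)
```

The identifiers are only meaningful per connection, so for captures spanning several peers the key should also include the address and port columns.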