Hello. I have tshart performing packet captures. I have seen it where it discards diameter packets because it thinks it is a TCP packet. Same packet when opened In wireshark looks correct. Are there any tshark settings that need to be tweaked?
I think you need to turn off TCP reassemble when the Diameter message spans multiple TCP segments. In your preference file I believe its enabled by default.
# Whether the Diameter dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive)
#diameter.desegment: TRUE
If am correct, you would need -o tcp.desegment_tcp_streams:FALSE in your syntax.
Asked: 2019-05-20 20:46:02 +0000
Seen: 617 times
Last updated: May 21 '19
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.