This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark capture not displaying the correct AVP info

0

I have just downloaded the latest version of Wireshark 1.10.7. I've just done a capture looking at Radius messages and I noticed it's not displaying the correct vendor info in Access-Accept.

In the Access-Accept message, under Radius Protocol, Attribute Value Pairs:

- Radius Protocol
- Attribute Value Pairs
+ AVP: l=24 t=Vendor-Specific(26) v=Panthera Networks, Inc.(6527)

In an earlier version of Wireshark 1.6.5 (admittedly on a different computer), this is decoded correctly as:

- Radius Protocol
- Attribute Value Pairs
+ AVP: l=24 t=Vendor-Specific(26) v=Alcatel-Lucent-Service-Router(6527)

Is there something I've missed in the installation where the 1.10.7 version cannot recognise 6527?

Perhaps I'm barking up the wrong tree. Within the Wireshark -> radius folder, I do have a file called 'dictionary.alcatel.sr', and in the dictionary.xml file there is a line: $INCLUDE dictionary.alcatel.sr

asked 21 May '14, 05:32

KenLam
11112
accept rate: 0%

"in the dictionary.xml file, there is a line: $INCLUDE dictionary.alcatel.sr"

You actually mean the file Dictionary in ~/radius, not ~/diameter/dictionary.xml, right?

(21 May '14, 13:45) Anders ♦

2 Answers:

1

In sminmpec.c, which is generated from http://www.iana.org/assignments/enterprise-numbers, 6527 is listed as: { 6527, "Panthera Networks, Inc." },

answered 21 May '14, 13:38

Anders ♦
4.6k952
accept rate: 17%

1

There's some history to this one. The short answer is that Anders is right (Wireshark's code is written based on the IANA registry, and IANA registers the number as Panthera Networks, Inc). However, this explains it a bit ( http://www.circitor.fr/Mibs/Files/TIMETRA-GLOBAL-MIB.mib ):

"The Private Enterprise Number 6527 was assigned to TiMetra Inc., previously known as Panthera Networks, by the IANA on July 14, 2000. TiMetra, Inc. was acquired by Alcatel on July 18, 2003 and has had the timetra enterprise number, 6527, registered to Alcatel."

Further, I can say that some Alcatel routers use that number for SNMP MIBs and decode it simply as "Alcatel" in logs. It's odd since that source claims 6527 was changed to "Alcatel" and Wireshark's older version's source code would suggest it used to, indeed, be Alcatel, so it looks like the IANA may have changed it back (?).

Either way, it's not Wireshark's problem. If the name is wrong and you are the owner, you would need to submit a request to the IANA with this web form: http://pen.iana.org/pen/ModifyPen.page

And if you're not the owner, then you have no standing to have this changed, nor would it make sense for Wireshark to not list these numbers as the IANA reference indicates.

answered 21 May '14, 18:44

Quadratic
1.9k6928
accept rate: 13%

edited 21 May '14, 21:43

Bill Meier ♦♦
3.2k1850
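
The lookup discussed in this thread, as an added example that is not code from the posters or from Wireshark: the vendor number is read from the Vendor-Specific AVP (layout per RFC 2865) and the displayed name comes from a table, so a different table changes the label but never the number. The names `pen_table`, `vsa_vendor_id`, `pen_name`, `vsa_vendor_label` and the sample AVP bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical lookup table shaped like the sminmpec.c entry quoted in the thread. */
struct pen_entry { uint32_t pen; const char *name; };
static const struct pen_entry pen_table[] = {
    { 6527, "Panthera Networks, Inc." },  /* name as listed in the IANA-derived table */
};

/* Constructed 24-byte AVP: t=26, l=24, Vendor-Id=6527, one sub-attribute (type 1, len 18). */
static const uint8_t sample_avp[24] = {
    26, 24, 0x00, 0x00, 0x19, 0x7F, 1, 18,
    'c','o','n','s','t','r','u','c','t','e','d','-','d','a','t','a'
};

/* Extract the Vendor-Id from a Vendor-Specific AVP (RFC 2865, section 5.26).
 * Returns 0 on success, -1 if the buffer is not a well-formed type-26 AVP. */
int vsa_vendor_id(const uint8_t *avp, size_t avail, uint32_t *pen)
{
    if (avail < 2 || avp[0] != 26) return -1;
    size_t len = avp[1];
    if (len < 7 || len > avail) return -1;  /* type + length + 4-byte id + >=1 data byte */
    *pen = (uint32_t)avp[2] << 24 | (uint32_t)avp[3] << 16 | (uint32_t)avp[4] << 8 | avp[5];
    return 0;
}

const char *pen_name(uint32_t pen)
{
    for (size_t i = 0; i < sizeof pen_table / sizeof pen_table[0]; i++)
        if (pen_table[i].pen == pen) return pen_table[i].name;
    return "Unknown";
}

/* Render "v=<name>(<number>)" in the style of the AVP summary line. */
int vsa_vendor_label(const uint8_t *avp, size_t avail, char *out, size_t outlen)
{
    uint32_t pen;
    if (vsa_vendor_id(avp, avail, &pen) != 0) return -1;
    snprintf(out, outlen, "v=%s(%u)", pen_name(pen), (unsigned)pen);
    return 0;
}

int main(void)
{
    char label[96];
    if (vsa_vendor_label(sample_avp, sizeof sample_avp, label, sizeof label) == 0) puts(label);
    return 0;
}
```

When filtering or alerting on a vendor, key on the numeric Vendor-Id, since the name shown depends on which registry snapshot the decoder was built from.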