THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Can Wireshark decode DIAMETER packets without the IP or transport layer?

  • retag add tags

I wonder if Wireshark can decode the diameter packet without the Transport and IP Layer.

srikanth's avatar
1
srikanth
asked 2019-04-17 16:17:30 +0000
Guy Harris's avatar
19.9k
Guy Harris
updated 2019-04-17 16:56:20 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

2 Answers

1

Wireshark reads various file types like pcap. If you create a pcap file with a user dlt and the rest diameter packet data wireshark can dissect that. If you have diameter packet data in a hex dump txt2pcap can convert that to a pcap file readable by wireshark. The exported pdu format could also be used.

Anders's avatar
5k
Anders
answered 2019-04-17 21:02:25 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments
0

Per Wireshark's DIAMETER documentation, a port and TCP/STCP will be used. Thus Wireshark will be expecting the transport layer (and by extension, the underlying network layer).

Ross Jacobs's avatar
71
Ross Jacobs
answered 2019-04-17 20:39:03 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer