First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Diameter packet shows as tcp

  • retag add tags

Hello. I have tshart performing packet captures. I have seen it where it discards diameter packets because it thinks it is a TCP packet. Same packet when opened In wireshark looks correct. Are there any tshark settings that need to be tweaked?

SSel's avatar
1
SSel
asked 2019-05-20 20:46:02 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

I think you need to turn off TCP reassemble when the Diameter message spans multiple TCP segments. In your preference file I believe its enabled by default.

# Whether the Diameter dissector should reassemble messages spanning multiple TCP segments. To use this option, you must also enable "Allow subdissectors to reassemble TCP streams" in the TCP protocol settings.
# TRUE or FALSE (case-insensitive)
#diameter.desegment: TRUE

If am correct, you would need -o tcp.desegment_tcp_streams:FALSE in your syntax.

Grrrshark's avatar
3
Grrrshark
answered 2019-05-21 16:17:52 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer