This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 21 and 22
Revision 21 as of 2008-01-28 19:15:19
Size: 3918
Editor: 90-227-134-108-no52
Comment:
Revision 22 as of 2008-04-12 17:51:45
Size: 3948
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
This is the successor of the ["RADIUS"] protocol. This is the successor of the [[RADIUS]] protocol.
Line 11: Line 11:
 * ["TCP"]: Typically, DIAMETER uses ["TCP"] as its transport protocol. The well known TCP port for DIAMETER traffic is 3868.
 * ["SCTP"]: Typically, DIAMETER uses ["SCTP"] as its transport protocol. The well known SCTP port for DIAMETER traffic is 3868.
 * [[TCP]]: Typically, DIAMETER uses [[TCP]] as its transport protocol. The well known TCP port for DIAMETER traffic is 3868.
 * [[SCTP]]: Typically, DIAMETER uses [[SCTP]] as its transport protocol. The well known SCTP port for DIAMETER traffic is 3868.
Line 21: Line 21:
Currently there is a problem with application Id, if two AVP:s have the same vendor Id but different Application ID WS can't distinguish between them [http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1494 Bug1494]. Currently there is a problem with application Id, if two AVP:s have the same vendor Id but different Application ID WS can't distinguish between them [[http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1494|Bug1494]].
Line 34: Line 34:
A complete list of DIAMETER display filter fields can be found in the [http://www.wireshark.org/docs/dfref/d/diameter.html display filter reference] A complete list of DIAMETER display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/d/diameter.html|display filter reference]]
Line 41: Line 41:
You cannot directly filter DIAMETER protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one. You cannot directly filter DIAMETER protocols while capturing. However, if you know the [[TCP]] port used (see above), you can filter on that one.
Line 48: Line 48:
 * [http://www.ietf.org/rfc/rfc3588.txt RFC 3588] ''Diameter Base Protocol''
 * [http://www.ietf.org/rfc/rfc3589.txt RFC 3589] ''Diameter Command Codes for Third Generation Partnership Project (3GPP) Release 5''
 * [http://www.ietf.org/rfc/rfc4004.txt RFC 4004] ''Diameter Mobile IPv4 Application''
 * [http://www.ietf.org/rfc/rfc4005.txt RFC 4005] ''Diameter Network Access Server Application''
 * [http://www.ietf.org/rfc/rfc4006.txt RFC 4006] ''Diameter Credit-control Application''
 * [http://www.ietf.org/rfc/rfc4072.txt RFC 4072] ''Diameter Extensible Authentication Protocol (EAP) Application''
 * [http://www.ietf.org/rfc/rfc4740.txt RFC 4740] ''Diameter Session Initiation Protocol (SIP) Application''
 * [http://www.iana.org/assignments/aaa-parameters aaa-parameters]
 * [http://www.ietf.org/html.charters/aaa-charter.html IETF aaa-charter]
 * [http://www.interlinknetworks.com/whitepapers/Intro_to_Diameter.htm Introduction to Diameter]
 * [[http://www.ietf.org/rfc/rfc3588.txt|RFC 3588]] ''Diameter Base Protocol''
 * [[http://www.ietf.org/rfc/rfc3589.txt|RFC 3589]] ''Diameter Command Codes for Third Generation Partnership Project (3GPP) Release 5''
 * [[http://www.ietf.org/rfc/rfc4004.txt|RFC 4004]] ''Diameter Mobile IPv4 Application''
 * [[http://www.ietf.org/rfc/rfc4005.txt|RFC 4005]] ''Diameter Network Access Server Application''
 * [[http://www.ietf.org/rfc/rfc4006.txt|RFC 4006]] ''Diameter Credit-control Application''
 * [[http://www.ietf.org/rfc/rfc4072.txt|RFC 4072]] ''Diameter Extensible Authentication Protocol (EAP) Application''
 * [[http://www.ietf.org/rfc/rfc4740.txt|RFC 4740]] ''Diameter Session Initiation Protocol (SIP) Application''
 * [[http://www.iana.org/assignments/aaa-parameters|aaa-parameters]]
 * [[http://www.ietf.org/html.charters/aaa-charter.html|IETF aaa-charter]]
 * [[http://www.interlinknetworks.com/whitepapers/Intro_to_Diameter.htm|Introduction to Diameter]]
Line 61: Line 61:
* [http://www.ietf.org/internet-drafts/draft-ietf-marid-csv-intro-02.txt Client SMTP Validation (CSV)] * [[http://www.ietf.org/internet-drafts/draft-ietf-marid-csv-intro-02.txt|Client SMTP Validation (CSV)]]
Line 65: Line 65:
 * [http://www.opendiameter.org/ Open Diameter]
 * [http://www.traffixsystems.com/ Open Source GPL Diameter in Java, maintained by Traffix Systems]
 * [[http://www.opendiameter.org/|Open Diameter]]
 * [[http://www.traffixsystems.com/|Open Source GPL Diameter in Java, maintained by Traffix Systems]]

DIAMETER

The Diameter base protocol is intended to provide an Authentication, Authorization and Accounting (AAA) framework for applications such as network access or IP mobility. Diameter is also intended to work in both local Authentication, Authorization & Accounting and roaming situations. This document specifies the message format, transport, error reporting, accounting and security services to be used by all Diameter applications. The Diameter base application needs to be supported by all Diameter implementations.

History

This is the successor of the RADIUS protocol.

Protocol dependencies

  • TCP: Typically, DIAMETER uses TCP as its transport protocol. The well known TCP port for DIAMETER traffic is 3868.

  • SCTP: Typically, DIAMETER uses SCTP as its transport protocol. The well known SCTP port for DIAMETER traffic is 3868.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The DIAMETER dissector is fully functional. The dissection of AVP:s is specified in .xml files in the diameter directory. Wireshark 0.99.7 or later reads these files without any extra libraries. You can add AVP dissection of vendor specific or missing AVP:s by editing those files. If you add publicly available AVP:s please send us the updates. Currently there is a problem with application Id, if two AVP:s have the same vendor Id but different Application ID WS can't distinguish between them Bug1494.

Preference Settings

  • TCP Port(s)/range. TCP packets on this port(s)/range will be dissected as Diameter.
  • SCTP port. SCTP packets on this port will be dissected as Diameter.
  • Reassemble Diameter messages spanning multiple TCP segments. Default on.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of DIAMETER display filter fields can be found in the display filter reference

  • Show only DIAMETER traffic:

     diameter 

Capture Filter

You cannot directly filter DIAMETER protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

  • Capture DIAMETER traffic over the default TCP port (3868):

     tcp port 3868 

Internet-drafts:

* Client SMTP Validation (CSV)

Open source Diameter implementation:

Discussion

DIAMETER (last edited 2014-04-16 20:07:46 by JeffMorriss)