This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 27 and 28
Revision 27 as of 2010-09-22 13:23:17
Size: 4394
Editor: BillMeier
Comment: Minor wording, formatting and spelling changes.
Revision 28 as of 2012-09-14 15:32:37
Size: 4958
Editor: JeffMorriss
Comment: Some general cleanup. Add example traffic.
Line 11: Line 11:

 * [[TCP]]: Typically, DIAMETER uses [[TCP]] as its transport protocol. The well known TCP port for DIAMETER traffic is 3868.
 * [[SCTP]]: Typically, DIAMETER uses [[SCTP]] as its transport protocol. The well known SCTP port for DIAMETER traffic is 3868.
 * [[TCP]] or [[SCTP]]: Typically DIAMETER uses [[TCP]] or [[SCTP]] as its transport protocol. Its well-known port is 3868. Its well-known SCTP Payload Protocol Identifier is 46 (47 when encrypted with [[DTLS]]).
Line 17: Line 15:
XXX - Add example traffic here (as plain text or Wireshark screenshot). {{{
Diameter Protocol
    Version: 0x01
    Length: 312
    Flags: 0x80
    Command Code: 272 Credit-Control
    ApplicationId: 16777266
    Hop-by-Hop Identifier: 0x00000002
    End-to-End Identifier: 0x00000002
    [Answer In: 6]
    AVP: Session-Id(263) l=47 f=-M- val=rosso.C1R1.com;4FD78691;5458;3B9ACA00;0
    AVP: Origin-Host(264) l=22 f=-M- val=rosso.C1R1.com
    AVP: Origin-Realm(296) l=16 f=-M- val=C1R1.com
    AVP: Destination-Realm(283) l=14 f=-M- val=R1.com
    AVP: CC-Request-Type(416) l=12 f=-M- val=INITIAL_REQUEST (1)
    AVP: CC-Request-Number(415) l=12 f=-M- val=0
    AVP: Subscription-Id(443) l=44 f=-M-
}}}
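Review bot: the example traffic added here stops at Subscription-Id(443), which is shown without a value, while the header says Length: 312; the AVP lengths listed (47, 22, 16, 14, 12, 12, 44) add up to far less than that. Either include the remaining AVPs or state under the listing that the output is truncated, so readers do not take it for a complete Credit-Control request.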
Line 21: Line 36:
The DIAMETER dissector is fully functional. The dissection of AVP:s is specified in .xml files in the diameter directory. Wireshark 0.99.7 or later reads these files without any extra libraries. You can add AVP dissection of vendor specific or missing AVP:s by editing those files. If you add publicly available AVP:s please send us the updates. The DIAMETER dissector is fully functional. The dissection of AVPs is specified in .xml files in the diameter directory. You can add AVP dissection of vendor-specific or missing AVPs by editing those files. If you add publicly available AVPs please send us the updates.
Line 23: Line 38:
Currently there is a problem with application Id: if two AVP:s have the same vendor Id but different Application ID WS can't distinguish between them ([[http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1494|Bug1494]]). Currently there is a problem with application Id: if two AVPs have the same vendor Id but different Application ID WS can't distinguish between them ([[http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1494|Bug 1494]]).
Line 25: Line 40:
A known problem is 3GPP vendor specific AVP:s in the range 1 - 26 in TGPPGmb.xml and imscxdx.xml which are mutually exclusive; depending on which 3GPP interface you are tracing one set will have to be commented out. (In the Wireshark distribution, the set in imscxdx.xml is commented out).    A known problem is 3GPP vendor specific AVPs in the range 1 - 26 in TGPPGmb.xml and imscxdx.xml which are mutually exclusive; depending on which 3GPP interface you are tracing one set will have to be commented out. (In the Wireshark distribution, the set in imscxdx.xml is commented out).
Line 30: Line 45:
 * SCTP port. SCTP packets on this port will be dissected as Diameter.  * SCTP port(s)/range. SCTP packets on this port will be dissected as Diameter.
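Review bot: the SCTP bullet now reads "SCTP port(s)/range" but its description still says "SCTP packets on this port will be dissected as Diameter". Change it to "on this port(s)/range" so the description matches the new label and the wording of the TCP preference.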
Line 45: Line 60:
You cannot directly filter DIAMETER protocols while capturing. However, if you know the [[TCP]] port used (see above), you can filter on that one. You cannot directly filter DIAMETER protocols while capturing. However, if you know the [[TCP]] or [[SCTP]] port used (see above), you can filter on that one.
Line 49: Line 64:

 Capture DIAMETER traffic over the default SCTP port (3868): {{{
 sctp port 3868 }}}
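Review bot: the added line "Capture DIAMETER traffic over the default SCTP port (3868): {{{" has no " * " list marker, so it will not render as its own bullet next to the TCP capture-filter example. Start the line with " * " to keep the two examples parallel.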
Line 64: Line 82:
 
Line 69: Line 87:
 * [[http://www.opendiameter.org/|Open Diameter]]   * [[http://www.opendiameter.org/|Open Diameter]]
Line 72: Line 90:

DIAMETER

[From RFC 3588] "The Diameter base protocol is intended to provide an Authentication, Authorization and Accounting (AAA) framework for applications such as network access or IP mobility. Diameter is also intended to work in both local Authentication, Authorization & Accounting and roaming situations. This document specifies the message format, transport, error reporting, accounting and security services to be used by all Diameter applications. The Diameter base application needs to be supported by all Diameter implementations".

History

This is the successor of the RADIUS protocol.

Protocol dependencies

  • TCP or SCTP: Typically DIAMETER uses TCP or SCTP as its transport protocol. Its well-known port is 3868. Its well-known SCTP Payload Protocol Identifier is 46 (47 when encrypted with DTLS).

Example traffic

Diameter Protocol
    Version: 0x01
    Length: 312
    Flags: 0x80
    Command Code: 272 Credit-Control
    ApplicationId: 16777266
    Hop-by-Hop Identifier: 0x00000002
    End-to-End Identifier: 0x00000002
    [Answer In: 6]
    AVP: Session-Id(263) l=47 f=-M- val=rosso.C1R1.com;4FD78691;5458;3B9ACA00;0
    AVP: Origin-Host(264) l=22 f=-M- val=rosso.C1R1.com
    AVP: Origin-Realm(296) l=16 f=-M- val=C1R1.com
    AVP: Destination-Realm(283) l=14 f=-M- val=R1.com
    AVP: CC-Request-Type(416) l=12 f=-M- val=INITIAL_REQUEST (1)
    AVP: CC-Request-Number(415) l=12 f=-M- val=0
    AVP: Subscription-Id(443) l=44 f=-M-
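
The header fields and AVP lengths in the listing above follow the Diameter wire layout: a 20-byte header, then AVPs padded to 4-byte boundaries. The Python sketch below is an added example, not Wireshark code or part of the original page; it rebuilds a message from the non-grouped AVP values shown (the function names and the `SAMPLE` message are constructed for illustration) and parses it back while rejecting inconsistent length fields.

```python
import struct

def build_avp(code, data, flags=0x40):
    """Encode an AVP without Vendor-Id; 0x40 is the M flag shown as f=-M-."""
    length = 8 + len(data)                      # AVP length excludes padding
    return (code.to_bytes(4, "big") + bytes([flags]) + length.to_bytes(3, "big")
            + data + b"\x00" * (-length % 4))   # pad to a 4-byte boundary

def build_message(avps, flags=0x80, cmd=272, app_id=16777266, hbh=2, e2e=2):
    """Prefix the 20-byte header; defaults mirror the page's example request."""
    body = b"".join(avps)
    return (bytes([1]) + (20 + len(body)).to_bytes(3, "big") + bytes([flags])
            + cmd.to_bytes(3, "big") + struct.pack("!III", app_id, hbh, e2e) + body)

def parse_message(buf):
    """Decode header and top-level AVPs, rejecting inconsistent length fields."""
    if len(buf) < 20:
        raise ValueError("shorter than the 20-byte Diameter header")
    version, flags = buf[0], buf[4]
    length = int.from_bytes(buf[1:4], "big")
    app_id, hbh, e2e = struct.unpack("!III", buf[8:20])
    if version != 1 or length != len(buf) or length % 4:
        raise ValueError("bad version or message length")
    avps, off = [], 20
    while off < length:
        if length - off < 8:
            raise ValueError("truncated AVP header")
        code, aflags = struct.unpack("!IB", buf[off:off + 5])
        alen = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if aflags & 0x80 else 8        # V flag adds a 4-byte Vendor-Id
        if alen < hdr or off + alen > length:
            raise ValueError(f"AVP {code}: length {alen} out of bounds")
        avps.append((code, aflags, alen, buf[off + hdr:off + alen]))
        off += (alen + 3) & ~3                  # skip padding to next AVP
    return {"request": bool(flags & 0x80), "command": int.from_bytes(buf[5:8], "big"),
            "app_id": app_id, "hbh": hbh, "e2e": e2e, "length": length, "avps": avps}

# Constructed sample reusing the non-grouped AVP values from the example traffic.
SAMPLE = build_message([
    build_avp(263, b"rosso.C1R1.com;4FD78691;5458;3B9ACA00;0"),  # Session-Id
    build_avp(264, b"rosso.C1R1.com"),                            # Origin-Host
    build_avp(296, b"C1R1.com"),                                  # Origin-Realm
    build_avp(283, b"R1.com"),                                    # Destination-Realm
    build_avp(416, struct.pack("!I", 1)),                         # CC-Request-Type
    build_avp(415, struct.pack("!I", 0)),                         # CC-Request-Number
])

if __name__ == "__main__":
    for code, aflags, alen, data in parse_message(SAMPLE)["avps"]:
        print(f"AVP code={code} l={alen} flags=0x{aflags:02x} val={data!r}")
```

The parsed AVP lengths match the `l=` values in the listing because the length field counts the 8-byte AVP header plus data but not the padding.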

Wireshark

The DIAMETER dissector is fully functional. The dissection of AVPs is specified in .xml files in the diameter directory. You can add AVP dissection of vendor-specific or missing AVPs by editing those files. If you add publicly available AVPs please send us the updates.

Currently there is a problem with the Application ID: if two AVPs have the same Vendor ID but different Application IDs, Wireshark can't distinguish between them (Bug 1494).

A known problem is that the 3GPP vendor-specific AVPs in the range 1 - 26 in TGPPGmb.xml and imscxdx.xml are mutually exclusive; depending on which 3GPP interface you are tracing, one set will have to be commented out. (In the Wireshark distribution, the set in imscxdx.xml is commented out.)

Preference Settings

  • TCP Port(s)/range. TCP packets on this port(s)/range will be dissected as Diameter.
  • SCTP port(s)/range. SCTP packets on this port(s)/range will be dissected as Diameter.
  • Reassemble Diameter messages spanning multiple TCP segments. Default on.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of DIAMETER display filter fields can be found in the display filter reference.

  • Show only DIAMETER traffic:

     diameter 

Capture Filter

You cannot directly filter DIAMETER protocols while capturing. However, if you know the TCP or SCTP port used (see above), you can filter on that one.

  • Capture DIAMETER traffic over the default TCP port (3868):

     tcp port 3868 

  • Capture DIAMETER traffic over the default SCTP port (3868):

     sctp port 3868 

Internet-drafts:

* Client SMTP Validation (CSV)

Open source Diameter implementation:

Discussion

DIAMETER (last edited 2014-04-16 20:07:46 by JeffMorriss)