The Diameter base protocol is intended to provide an Authentication, Authorization and Accounting (AAA) framework for applications such as network access or IP mobility. Diameter is also intended to work in both local Authentication, Authorization & Accounting and roaming situations. This document specifies the message format, transport, error reporting, accounting and security services to be used by all Diameter applications. The Diameter base application needs to be supported by all Diameter implementations.
This is the successor of the ["RADIUS"] protocol.
- ["TCP"]: Typically, DIAMETER uses ["TCP"] as its transport protocol. The well known TCP port for DIAMETER traffic is 3868.
- ["SCTP"]: Typically, DIAMETER uses ["SCTP"] as its transport protocol. The well known SCTP port for DIAMETER traffic is 3868.
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The DIAMETER dissector is fully functional. The dissection of AVP:s is specified in .xml files in the diameter directory. Wireshark 0.99.7 or later reads these files without any extra libraries. You can add AVP dissection of vendor specific or missing AVP:s by editing those files. If you add publicly available AVP:s please send us the updates. Currently there is a problem with application Id, if two AVP:s have the same vendor Id but different Application ID WS can't distinguish between them [http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1494 Bug1494].
- TCP Port(s)/range. TCP packets on this port(s)/range will be dissected as Diameter.
- SCTP port. SCTP packets on this port will be dissected as Diameter.
- Reassemble Diameter messages spanning multiple TCP segments. Default on.
Example capture file
XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
A complete list of DIAMETER display filter fields can be found in the [http://www.wireshark.org/docs/dfref/d/diameter.html display filter reference]
Show only DIAMETER traffic:
You cannot directly filter DIAMETER protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.
Capture DIAMETER traffic over the default TCP port (3868):
tcp port 3868
[http://www.ietf.org/rfc/rfc3588.txt RFC 3588] Diameter Base Protocol
[http://www.ietf.org/rfc/rfc3589.txt RFC 3589] Diameter Command Codes for Third Generation Partnership Project (3GPP) Release 5
[http://www.ietf.org/rfc/rfc4004.txt RFC 4004] Diameter Mobile IPv4 Application
[http://www.ietf.org/rfc/rfc4005.txt RFC 4005] Diameter Network Access Server Application
[http://www.ietf.org/rfc/rfc4006.txt RFC 4006] Diameter Credit-control Application
[http://www.ietf.org/rfc/rfc4072.txt RFC 4072] Diameter Extensible Authentication Protocol (EAP) Application
[http://www.ietf.org/rfc/rfc4740.txt RFC 4740] Diameter Session Initiation Protocol (SIP) Application
[http://www.ietf.org/html.charters/aaa-charter.html IETF aaa-charter]
[http://www.interlinknetworks.com/whitepapers/Intro_to_Diameter.htm Introduction to Diameter]
* [http://www.ietf.org/internet-drafts/draft-ietf-marid-csv-intro-02.txt Client SMTP Validation (CSV)]
Open source Diameter implementation:
[http://www.opendiameter.org/ Open Diameter]
[http://www.traffixsystems.com/ Open Source GPL Diameter in Java, maintained by Traffix Systems]