
Wireshark-bugs: [Wireshark-bugs] [Bug 4560] New: New feature: extract specified diameter AVPs fr

Date: Sat, 6 Mar 2010 03:46:15 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4560

           Summary: New feature: extract specified diameter AVPs from
                    large capture files
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: andrejk@xxxxxxxxxx


Created an attachment (id=4371)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4371)
patch: New feature: extract specified diameter AVPs from large capture files

Build Information:
TShark 1.3.4 (SVN Rev 32126 from /trunk)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.22.4, with libpcap 1.0.0, with libz 1.2.3, without POSIX
capabilities, without libpcre, without SMI, without c-ares, without ADNS, with
Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with MIT
Kerberos, without GeoIP.

Running on Linux 2.6.31.12-174.2.22.fc12.i686, with libpcap version 1.0.0,
GnuTLS 2.8.5, Gcrypt 1.4.4.

Built using gcc 4.4.3 20100127 (Red Hat 4.4.3-4).

--
New feature: extract specified diameter AVPs from large capture files 

Reason for new feature:
extraction of specified diameter AVPs from large capture files is nearly
impossible in current version:
- extraction using -T text, -T pdml options is extremely slow
- extraction using -T field and -z proto,colinfo are very limited for
diameter-AVP

Description:
New option is -z diameter,avp[list of diameter fields].

* This TAP enables extraction of most important diameter fields in text format.
* - much more performance than -T text and -T pdml
* - more powerful than -T field and -z proto,colinfo
* - exactly one text line per diameter message
* - multiple diameter messages in one frame supported
*   E.g. one device watchdog answer and two credit control answers
*        in one TCP packet produces 3 text lines.
* - several fields with same name within one diameter message supported
*   E.g. Multiple AVP(444) Subscription-Id-Data once with IMSI once with MSISDN
* - several grouped AVPs supported
*   E.g. Zero or more Multiple-Services-Credit-Control AVPs(456)


Usage examples:
tshark -r diameter.cap  -z diameter,avp
tshark -r diameter.cap  -z diameter,avp,CC-Request-Number,Rating-Group,Result-Code
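
The behaviour listed in the description (one text line per Diameter message, several messages in one TCP payload, repeated fields, grouped AVPs), as an added Python sketch that is not the attached patch and not tshark's code. The function names, the output line format and the sample payload are assumptions constructed here; the wire layout and AVP codes follow RFC 6733 and RFC 4006.

```python
import struct

# AVP codes from RFC 6733 / RFC 4006; 456 is the grouped AVP named in the report.
NAMES = {268: "Result-Code", 415: "CC-Request-Number", 432: "Rating-Group"}
GROUPED = {456}  # Multiple-Services-Credit-Control

def walk_avps(buf):
    """Yield (code, data) for each AVP, descending into grouped AVPs."""
    pos = 0
    while pos + 8 <= len(buf):
        code, flags = struct.unpack_from(">IB", buf, pos)
        length = int.from_bytes(buf[pos + 5:pos + 8], "big")
        hdr = 12 if flags & 0x80 else 8  # V bit set: 4-byte Vendor-Id follows
        if length < hdr or pos + length > len(buf):
            raise ValueError("AVP length outside its container")
        data = buf[pos + hdr:pos + length]
        if code in GROUPED:
            yield from walk_avps(data)
        else:
            yield code, data
        pos += length + (-length % 4)  # AVPs are padded to a 4-byte boundary

def extract_lines(payload, wanted):
    """Return one text line per Diameter message found in payload."""
    lines, pos = [], 0
    while pos + 20 <= len(payload):
        mlen = int.from_bytes(payload[pos + 1:pos + 4], "big")
        if payload[pos] != 1 or mlen < 20 or pos + mlen > len(payload):
            raise ValueError("bad Diameter header at offset %d" % pos)
        cmd = int.from_bytes(payload[pos + 5:pos + 8], "big")
        fields = ["cmd=%d" % cmd, "req=%d" % (payload[pos + 4] >> 7)]
        for code, data in walk_avps(payload[pos + 20:pos + mlen]):
            if NAMES.get(code) in wanted:  # all three named AVPs are Unsigned32
                fields.append("%s=%d" % (NAMES[code], int.from_bytes(data, "big")))
        lines.append(" ".join(fields))
        pos += mlen
    return lines

def avp(code, data):  # constructed-sample helper: M flag set, no Vendor-Id
    n = 8 + len(data)
    return struct.pack(">IB", code, 0x40) + n.to_bytes(3, "big") + data + bytes(-n % 4)

def msg(cmd, avps):  # answer message (R bit clear), zeroed application and hop ids
    body = b"".join(avps)
    head = b"\x01" + (20 + len(body)).to_bytes(3, "big") + b"\x00"
    return head + cmd.to_bytes(3, "big") + bytes(12) + body

def sample_payload():
    """Constructed TCP payload: one DWA (280) followed by two CCAs (272)."""
    u32 = lambda code, n: avp(code, struct.pack(">I", n))
    mscc = lambda rg: avp(456, u32(432, rg) + u32(268, 2001))
    return (msg(280, [u32(268, 2001)])
            + msg(272, [u32(268, 2001), u32(415, 1), mscc(10), mscc(20)])
            + msg(272, [u32(268, 2001), u32(415, 2), mscc(30)]))
```

Every length field is checked against its container before it is used, so a truncated or malformed capture raises `ValueError` instead of reading past the message.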
