Wireshark-users: Re: [Wireshark-users] How to decode AVP 1003 and 1022 ??

From: "Leonard Wu (liwu)" <liwu@xxxxxxxxx>
Date: Mon, 27 Aug 2007 22:22:01 -0700
Hi, 

I am finally able to decode AVP 1003 and 1022. Instructions as below:


In case you have Wireshark on your local machine, here are the steps you should follow to get your Wireshark to decode the AVPs:
Add the following lines to the dictionary file, e.g. C:\program files\wireshark\diameter\dictionary.xml, just before the "</base>" tag.

<vendor vendor-id="3GPP2" code="5535" name="3GPP2"/>

<avp name="Access-Network-Charging-Identifier-value" code="503" vendor-bit="must" may-encrypt="no" vendor-id="TGPP">
  <type type-name="UTF8String"/>
</avp>

<avp name="AGW-IP-Address" code="1003" mandatory="must" vendor-bit="must" may-encrypt="no" vendor-id="3GPP2">
  <type type-name="IPAddress"/>
</avp>

<avp name="Access-Network-Charging-Identifier-Ty" code="1022" mandatory="must" vendor-bit="must" may-encrypt="no" vendor-id="TGPP">
  <grouped>
    <gavp name="Access-Network-Charging-Identifier-value"/>
  </grouped>
</avp>

And also place the attached libxml2.dll file in your Wireshark installation directory, e.g. C:\program files\wireshark

Thanks,

Leonard
 
 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Luis EG Ontanon
Sent: Monday, August 27, 2007 3:48 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] How to decode AVP 1003 and 1022 ??

If you are using 0.99.6 or lower you are probably either missing libxml.dll or have not enabled the use of the dictionary in preferences.

BTW, instead of looking for the lib that does not come with Wireshark... you could download from http://www.wireshark.org/download/automated/ a recent snapshot which has a greatly improved Diameter dissector.

Luis

On 8/27/07, Leonard Wu (liwu) <liwu@xxxxxxxxx> wrote:
>
> Hi,
>
> I've added the following to dictionary.xml, but Wireshark does not decode it:
>
> <avp name="AGW-IP-Address" code="1003" mandatory="may" vendor-bit="must" may-encrypt="no">
>   <type type-name="IPAddress"/>
> </avp>
>
> <avp name="Access-Network-Charging identifier-Ty" code="1022" mandatory="may" vendor-bit="must" vendor-id="3GPP" may-encrypt="no">
>   <type type-name="UTF8String"/>
> </avp>
>
> Thanks,
>
> Leonard
>
>  ________________________________
> From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
> Sent: Sunday, August 26, 2007 3:45 AM
> To: 'Community support list for Wireshark'
> Subject: Re: [Wireshark-users] How to decode AVP 1003 and 1022 ??
>
> Hi,
>
> Have a look in /diameter/dictionary.xml; I think it also holds the reference to the relevant 3GPP specification.
>
> Please send us any update as a patch for inclusion into Wireshark.
>
> Regards
>
> Anders
>
>  ________________________________
> From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Leonard Wu (liwu)
> Sent: 26 August 2007 09:07
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: [Wireshark-users] How to decode AVP 1003 and 1022 ??
>
> Hi,
>
> My Wireshark can't decode AVP 1003 and 1022 as below:
>
> Unknown AVP:0x000003eb (1003) (OctetString) l:0x12 (18 bytes) (20 padded bytes)
>     AVP Code: Unknown AVP:0x000003eb (1003) (1003)
>     AVP Flags: 0xc0 (Mandatory, Vendor-Specific)
>     AVP Length: 18
>     AVP Vendor Id: 3rd Generation Partnership Project 2 (3GPP2) (5535)
>     Hex Data Highlighted Below
>
> Unknown AVP:0x000003fe (1022) (OctetString) l:0x20 (32 bytes) (32 padded bytes)
>     AVP Code: Unknown AVP:0x000003fe (1022) (1022)
>     AVP Flags: 0xc0 (Mandatory, Vendor-Specific)
>     AVP Length: 32
>     AVP Vendor Id: 3GPP (10415)
>     Hex Data Highlighted Below
>
> ===
>
> I would really appreciate it if someone can provide me with some guidance. It has blocked my testing work.
>
> Is that because Wireshark is dictionary-driven and it is possible that not all the AVPs have been loaded into it?
>
> Is it possible to add new AVPs?
>
> Thanks,
>
> Leonard
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Attachment: libxml2.dll
Description: libxml2.dll
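
Added example (not part of the original thread and not Wireshark's code): a Python decoder that walks Diameter AVPs and resolves each one by looking up the pair (vendor-id, code) in a dictionary, using the names and types from the dictionary.xml entries in the reply above. The helper names build_avp and parse_avps are hypothetical, and the sample bytes, the address 192.0.2.1 and the string chrg-id1 are constructed to match the lengths shown in the question (18 bytes padded to 20, and 32 bytes).

```python
import ipaddress
import struct

# Dictionary keyed by (vendor-id, AVP code); names and types are taken from the thread.
DICTIONARY = {
    (5535, 1003): ("AGW-IP-Address", "IPAddress"),
    (10415, 1022): ("Access-Network-Charging-Identifier-Ty", "Grouped"),
    (10415, 503): ("Access-Network-Charging-Identifier-value", "UTF8String"),
}

def build_avp(code, flags, vendor_id, data):
    """Encode one AVP (used for constructed test input); length excludes padding."""
    vendor = struct.pack("!I", vendor_id) if flags & 0x80 else b""
    length = 8 + len(vendor) + len(data)
    header = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    return header + vendor + data + b"\x00" * (-length % 4)

def parse_avps(buf, dictionary=DICTIONARY):
    """Walk a buffer of AVPs and decode each one through the dictionary."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, pos)
        length = int.from_bytes(buf[pos + 5:pos + 8], "big")
        hdr = 12 if flags & 0x80 else 8  # V bit set: 4-byte Vendor-Id follows
        if length < hdr or pos + length > len(buf):
            raise ValueError("bad AVP length")
        vendor_id = struct.unpack_from("!I", buf, pos + 8)[0] if flags & 0x80 else 0
        data = buf[pos + hdr:pos + length]
        name, kind = dictionary.get((vendor_id, code), ("Unknown AVP", "OctetString"))
        if kind == "IPAddress":  # 2-byte address family, then the address itself
            value = str(ipaddress.ip_address(data[2:]))
        elif kind == "UTF8String":
            value = data.decode("utf-8")
        elif kind == "Grouped":  # payload is itself a sequence of AVPs
            value = parse_avps(data, dictionary)
        else:  # no dictionary entry: fall back to raw octets
            value = data.hex()
        out.append({"name": name, "code": code, "vendor": vendor_id,
                    "length": length, "padded": length + (-length % 4), "value": value})
        pos += length + (-length % 4)  # AVPs are aligned to 4 bytes
    return out

# Constructed sample input shaped like the two AVPs in the question.
AGW = build_avp(1003, 0xC0, 5535, b"\x00\x01" + bytes([192, 0, 2, 1]))
INNER = build_avp(503, 0xC0, 10415, b"chrg-id1")
ANCI = build_avp(1022, 0xC0, 10415, INNER)
```

Calling parse_avps(AGW + ANCI) decodes both AVPs by name; passing an empty dictionary as the second argument gives the "Unknown AVP" fallback with the payload as raw hex.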