So I am trying to dissect Diameter packets using the Wireshark library. When I apply the filter 'diameter' and then call dfilter_apply_edt, it always returns false. What could be the reason behind this? Thanks. asked 15 Jan '14, 00:29 Sanny_D
Perhaps the packets are not recognised as Diameter? What's in the frame you are trying to dissect? A full frame starting from Ethernet? What happens if you let Wireshark dissect the frame?
Actually, I was trying to dissect the output of an 'ngrep pcap dump', but it does not support packet reassembly; I guess that is why it is not dissecting?
It depends on the output format of ngrep. What are the options you were using for ngrep?
ngrep ".;5233184391;9999" -I /tmp/pcapd/santo.pcap -O sip:incredible_2.pcap -q -t -w 2>&1 >>/dev/null
".;5233184391;9999" is the matching expression. Then I am trying to dissect the sip:incredible_2.pcap file, but surprisingly Wireshark dissects it fine.
Which protocols do you see in Wireshark?
Protocols in frame: eth:ip:sctp:diameter:diameter
Well, then something in your code could be wrong. Is it available online?
It's here: http://snipt.org/BRjj5
printf("\nfailed_passed\n");fflush(stdout); is executed for some messages.