This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have a ByteArray of TCP payload (a Diameter message), obtained using the getByteArray API on the Diameter request message.

Now I want to dissect and print the Diameter data.

I have looked into the code of Wireshark, but could not find any way to do it.

Please suggest some way to do it.

Thanks

asked 25 Mar '14, 04:44

Sanny_D

What's wrong with the built-in dissector? You can add your own .xml files to dissect vendor AVPs.

(25 Mar '14, 05:50) Anders ♦

My question did not sound clear, sorry for that.

I am not using Wireshark directly. Actually, I have written C code to dissect network packets.

On the C++ Diameter request object I called the getByteArray API and stored the result in a memory area; clearly it doesn't contain ether, IP, TCP/UDP header information.

Now I want to dissect this ByteArray using the Wireshark API.

How to do it?

(25 Mar '14, 22:44) Sanny_D

See if I got this right: you have extracted the bytes of a Diameter PDU into a buffer in your program and now you want to use Wireshark's code as a library to "dissect" these bytes by calling some API in libwireshark? I'm not sure that would be trivial.

(26 Mar '14, 01:57) Anders ♦

This is exactly what I want to do. Using libwireshark I have done dissection of pcap packets (whole) before, but couldn't find a way to directly dissect ByteArray. Is this possible?

(27 Mar '14, 04:54) Sanny_D

Have done it using Wireshark dissector code.

answered 04 Apr '14, 08:16

Sanny_D

hm.. answering your own question with a status update and accepting that, isn't exactly how this site works. Please read the FAQ:

http://ask.wireshark.org/faq/

(04 Apr '14, 08:58) Kurt Knochner ♦

Didn't find this in the FAQ. Well, I did it on purpose, so that it can help others.

(04 Apr '14, 09:23) Sanny_D

> but couldn't find a way to directly dissect ByteArray. Is this possible?

As I see it, you have the following options:

  • write your own dissector code, without the help of Wireshark code
  • use a pcap library (either C++ or another language with interface code) that provides Diameter support, like jnetpcap. Maybe you can borrow from libcrafter.
  • use the code of the Wireshark Diameter dissector as an example to write your own code. I guess that's rather hard, as the Diameter dissector code is not exactly the easiest dissector of all.
  • 'dump' your byte array into a dummy frame (eth/ip/udp), similar to text2pcap, then call tshark on the generated pcap file, parse the output of tshark and use the results in your code

Regards
Kurt

answered 27 Mar '14, 11:59

Kurt Knochner ♦

Thanks Kurt!

What I am trying to do is calling the

dissect_diameter_tcp(tvb, pinfo, tree)

API with each argument initialized with the required values. Is this the correct approach? I am not sure if I can populate these structures with correct values.

(30 Mar '14, 22:16) Sanny_D
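
The fourth option in Kurt's answer (dump the byte array into a dummy eth/ip/udp frame and hand the file to tshark), sketched in C as an added example that is not part of the original thread or of Wireshark's code. The function names, the loopback addresses and the header-only sample message are constructed for illustration; 3868 is the registered Diameter port.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIAMETER_PORT 3868   /* registered Diameter port */
#define FRAME_OFF 40         /* 24-byte pcap file header + 16-byte record header */

static void be16(uint8_t *p, unsigned v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* RFC 1071 checksum over a 20-byte IPv4 header (returns 0 for a valid header). */
uint16_t ip_checksum(const uint8_t *h) {
    uint32_t sum = 0;
    for (int i = 0; i < 20; i += 2) sum += (uint32_t)(h[i] << 8 | h[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Wrap payload in one dummy Ethernet/IPv4/UDP frame inside a pcap image; returns bytes written, 0 if it does not fit. */
size_t wrap_in_pcap(const uint8_t *payload, size_t len, uint8_t *out, size_t cap) {
    const uint32_t magic = 0xa1b2c3d4, snaplen = 65535, linktype = 1;  /* 1 = Ethernet */
    const uint16_t version[2] = { 2, 4 };
    if (len > 65535 - 28 || FRAME_OFF + 42 + len > cap) return 0;
    const uint32_t frame_len = (uint32_t)(42 + len);     /* 14 eth + 20 ip + 8 udp + payload */
    uint8_t *eth = out + FRAME_OFF, *ip = eth + 14, *udp = ip + 20;
    memset(out, 0, FRAME_OFF + 42);                      /* zero MACs, timestamps, UDP checksum */
    memcpy(out, &magic, 4); memcpy(out + 4, version, 4); /* host byte order; magic tells the reader */
    memcpy(out + 16, &snaplen, 4); memcpy(out + 20, &linktype, 4);
    memcpy(out + 32, &frame_len, 4); memcpy(out + 36, &frame_len, 4);  /* incl_len, orig_len */
    be16(eth + 12, 0x0800);                              /* EtherType: IPv4 */
    ip[0] = 0x45; ip[8] = 64; ip[9] = 17;                /* version/IHL, TTL, protocol UDP */
    be16(ip + 2, 28 + (unsigned)len);                    /* IP total length */
    ip[12] = ip[16] = 127; ip[15] = ip[19] = 1;          /* 127.0.0.1 -> 127.0.0.1 */
    be16(ip + 10, ip_checksum(ip));
    be16(udp, DIAMETER_PORT); be16(udp + 2, DIAMETER_PORT); be16(udp + 4, 8 + (unsigned)len);
    memcpy(udp + 8, payload, len);
    return FRAME_OFF + 42 + len;
}

/* Constructed sample, not a real capture: header-only Diameter request (version 1, length 20, R flag, code 257). */
const uint8_t sample_diameter[20] = { 1, 0, 0, 20, 0x80, 0, 1, 1,
                                      0, 0, 0, 0,  0, 0, 0, 1,  0, 0, 0, 1 };

int main(void) {
    uint8_t buf[256];
    size_t n = wrap_in_pcap(sample_diameter, sizeof sample_diameter, buf, sizeof buf);
    FILE *f = fopen("diameter_sample.pcap", "wb");
    if (!f || fwrite(buf, 1, n, f) != n) return 1;
    return fclose(f) != 0;
}
```

Read the resulting file with `tshark -r diameter_sample.pcap -V`. If the UDP payload is not shown as Diameter, tshark's Decode As option (`-d udp.port==3868,diameter`) is the usual way to force it, assuming your build offers Diameter for UDP.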