This is our old Q&A Site. Please post any new questions and answers at

i have ByteArray of TCP payload (diameter message),(using getByteArray API on Diameter request message)

now i want to dissect and print the diameter data.

i have looked into the code of wireshark, could not find any way to do it.

please suggest some way to do it.


asked 25 Mar '14, 04:44

Sanny_D's gravatar image

accept rate: 50%

What's wrong with the built in dissector? You can add your own .xml files to dissect vendor AVPs.

(25 Mar '14, 05:50) Anders ♦

my question did not sound clear, sorry for that.

i am not using wireshark directly,actually, i have written a C code to dissect network packet,

on the C++ Diameter request object i called getByteArray API and stored it in a memory area, clearly it doesnt contain ether,ip,tcp/udp header information.

now i want to dissect this ByteArray using wireshark API.

how to do it.

(25 Mar '14, 22:44) Sanny_D

See if I got this right, you have extracted the bytes of a Diameter PDU into a buffer in your program and now you want to use Wiresharks code as a library to "dissect" these bytes by calling some API in libwireshark? I'm not sure that would be trivial.

(26 Mar '14, 01:57) Anders ♦

this is exactly what i want to do. using libwireshark i have done dissection of pcap packets (whole) before, but coudnt find a way to directly dissect ByteArray. is this possible

(27 Mar '14, 04:54) Sanny_D

have done it using wireshark dissector code.

permanent link

answered 04 Apr '14, 08:16

Sanny_D's gravatar image

accept rate: 50%

hm.. answering your own question with a status update and accepting that, isn't exactly how this site works. Please read the FAQ:

(04 Apr '14, 08:58) Kurt Knochner ♦

dint find this in faq, well,i it did on purpose, so that it can help others,

(04 Apr '14, 09:23) Sanny_D

but coudnt find a way to directly dissect ByteArray. is this possible

as I see it, you have the following options:

  • write your own dissector code, without the help of Wireshark code
  • use a pcap library (either C++ or another language with interface code) that provides Diameter support, like jnetpcap. Maybe you can borrow from libcrafter.
  • use the code of the Wireshark Diameter dissector as an example to write your own code. I guess that's rather hard, as the Diameter dissector code is not exactly the easiest dissector of all.
  • 'dump' your byte array into a dummy frame (eth/ip/udp), similar to text2pcap, then call tshark on the generated pcap file, parse the output of tshark and use the results in your code


permanent link

answered 27 Mar '14, 11:59

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

thanks kurt!

what i am trying to do is , calling

dissect_diameter_tcp (tvb,pinfo, tree))

API with each argument initialized with required values, is this correct approach, i am not sure if i can populate these structures with correct values.

(30 Mar '14, 22:16) Sanny_D
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 25 Mar '14, 04:44

question was seen: 3,679 times

last updated: 04 Apr '14, 09:27

p​o​w​e​r​e​d by O​S​Q​A