Hi I have tried following options but the Cisco vendor specific AVPs are not decoded in wireshark for Mac. ->Add the new AVPs in Cisco.xml(vendor-id="Cisco") which is located at /Applications/Wireshark.app/Contents/Resources/share/wireshark/diameter directory and relaunch the wireshark. ->Add the new AVPs in dictionary.xml(vendor-id="Cisco") which is located at /Applications/Wireshark.app/Contents/Resources/share/wireshark/diameter directory and relaunch the wireshark. ->Add the new AVPs in dictionary.xml(vendor-id="TGPP") which is located at /Applications/Wireshark.app/Contents/Resources/share/wireshark/diameter directory and relaunch the wireshark. Can someone please help out in resolving this problem? Regards Sushil asked 13 Nov '14, 14:29  SSushilK edited 14 Nov '14, 20:29  Guy Harris ♦♦ |
One Answer:
Either of the first two should work. That assumes, of course, that
I would also encourage you to submit your changes and a sample capture to the bug database so those AVPs could be added to future versions of Wireshark. (If it still doesn't work for you then someone could also help figure out what's going wrong.) answered 13 Nov '14, 17:44  JeffMorriss ♦ |
Thanks Jeff for the quick response. Actually, the message has the Cisco specific AVPs with V bit set and Vendor-Id set to 9. If the Vendor-Id is expected to be 5771, how do we add the rule in the xml file to process the AVPs with Vendor-Id set to 9 since the format in xml is like vendor-id="Cisco"? Thanks in Advance!
In dictionary.xml, add vendor id for cisco-systems with the value of 9 and name cisco-systems then add the AVP to cisco.xml with the vendoriset to cisco-systems.
Thanks Anders. It worked after making the suggested changes.