This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Diameter AVP is shown as UNKNOWN in Wireshark Trace

0

Hi, I am trying to decode the Diameter AVP code 1016 ( QoS-INformation ) , The trace shows as UNKNOWN AVP..

AVP Code: 1016 Unknown AVP, if you know what this is you can add it to the dictionary.xml

I checked in the dictionary file. The entry is very much present in the dictionary.xml

 <avp name="QoS-Information" code="1016" mandatory="must" may-encrypt="yes" vendor-bit="must" vendor-id="TGPP">

Please help me how do I decode the AVP in Wireshark??

asked 30 Aug '16, 03:31

sgajjala's gravatar image

sgajjala
6112
accept rate: 0%

edited 30 Aug '16, 10:53

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572


One Answer:

1

I think the application sending the avp is buggy and should be changed to set the vendor bit and include the vendor ID. Changing wireshark is the wrong way to go.

answered 30 Aug '16, 05:45

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

I just removed the flags vendor-bit="must" and vendor-id="TGPP" from the above definition. Now wireshark shows the correct decode.. Is it the right way to do it??

(30 Aug '16, 04:59) sgajjala

Agreed - QoS-Information is not an IANA-specified AVP it's a 3GPP defined. Wireshark is highlighting that the sender is in error.

(30 Aug '16, 06:43) JeffMorriss ♦

No. Se above.

(30 Aug '16, 10:48) Anders ♦

Thanks Anders and jeffMorriss for the info. I am sending the DIAMETER CCR Request with the below xml file..

<command name="CCR"> <avp name="Session-Id" value="value_is_replaced"> </avp> <avp name="Vendor-Specific-Application-Id"> <avp name="Vendor-Id" value="10415"></avp> <avp name="Auth-Application-Id" value="16777266"></avp> </avp> <avp name="Auth-Session-State" value="1"> </avp> <avp name="Origin-Host" value="seagull"> </avp> <avp name="Origin-Realm" value="ims.hpintelco.org"> </avp> <avp name="Destination-Realm" value="ims.hpintelco.org"> </avp> <avp name="Framed-IP-Address" value="0x0A0A0A0A"> </avp> <avp name="User-Equipment-Info"> <avp name="User-Equipment-Info-Type" value="1"> </avp> <avp name="User-Equipment-Info-Value" value="0x050102030A0B"> </avp> </avp> <avp name="Qos-Information"> <avp name="Qos-Class-Identifier" value="1"> </avp> <avp name="Max-Requested-Bandwidth-UL" value="123"> </avp> <avp name="Max-Requested-Bandwidth-DL" value="456"> </avp> <avp name="Guaranteed-Bitrate-UL" value="789"> </avp> <avp name="Guaranteed-Bitrate-DL" value="012"> </avp> <avp name="Bearer-Identifier" value="Sudhakar"> </avp> <avp name="Allocation-Retention-Priority"> <avp name="Priority-Level" value="1"> </avp> <avp name="Pre-emption-Capability" value="0"> </avp> <avp name="Pre-emption-Vulnerability" value="1"> </avp> </avp> <avp name="APN-Aggregate-Max-Bitrate-UL" value="123"> </avp> <avp name="APN-Aggregate-Max-Bitrate-DL" value="456"> </avp> </avp>

I am setting the Vendor Id to 10415 which is TGPP as per dictionary.xml in wireshark

<vendor vendor-id="TGPP" code="10415" name="3GPP"/>

It matches the Vendor Id with the dictionary. The trace is shown as UNKNOWN

Please check the screenshot attached.. alt text

Let me know how do I get the Vendor Id corrected in my CCR Request so that wireshark decodes it properly?? Thanks, Gajjala

(30 Aug '16, 21:57) sgajjala

You have to use the Vendor ID as part of the header of your QoS-Information AVP. I.e. in the AVP's flags, bit "vendor-specific" must be set and, corresponding to that, a four-octet Vendor ID (0x000028af which equals to 10415) must be inserted at the right place, i.e. after the three octets of AVP length. How to express that in your xml source is, however, not a Wireshark question. Maybe <avp name="Qos-Information" vendor-id="10415"> will do the trick, and maybe it won't.

(31 Aug '16, 03:24) sindy

I need to figure out how to send the Vendor-Id in the AVP QoS-Information. If you see my above xml file, the vendor-Id field is also mentioned as a separate AVP but not under QoS-Information AVP.

Anyone worked on Seagull tool scenario file will be able to help me out.. Any leads ??

(01 Sep '16, 04:42) sgajjala

Tested the scenario by adding Vendor-Id filed under QoS-Infomation AVP but no luck.

(01 Sep '16, 04:44) sgajjala

As said, this is far beyond the scope of this site. However, it seems to me that you'll just have to extend the dictionary part of Seagull's configuration by defining (or maybe extending an existing definition of) your Qos-Information AVP before using it in your <command>.

As the header field Vendor-ID is already defined (as an optional one) in the default <body> definition, you only have to extend the list of avps in the <dictionary> section with the following one (or, if it exists, modify it accordingly):

<define name="Qos-Information" type="Grouped">
  <setfield name="avp-code" value="1016"></setfield>
  <setfield name="flags" value="192"></setfield>
  <setfield name="Vendor-ID" value="10415"></setfield>
</define>

This should be the only change necessary.

(01 Sep '16, 05:25) sindy
showing 5 of 8 show 3 more comments