Track specific diameter requests without response

The filter you've found for RADIUS, radius.req and !radius.rspframe, does identify requests without a matching response in the capture, as the embedded dissector creates the cross-reference pseudofields radius.reqframe and radius.rspframe.

The diameter dissector does the same, except that the pseudo-fields are called diameter.answer_to and diameter.answer_in. So the equivalent of your filter, showing only requests without a matching response, would be diameter.flags.request == 1 and !diameter.answer_in.

However, that's the maximum you can get from the embedded dissector.

To display-filter requests which have received responses with other than successful result, you need two things:

• to define what an "other than successful result" means in your context, because not all diameter applications contain the Result-Code AVP. Is diameter.flags.error == 1 a sufficient criterion?

• to use a Lua post-dissector or MATE to use fields from dissection trees of response packets for creation of your own pseudo-field(s) in the dissection tree of the request packets, allowing to display-filter the requests on these pseudo-fields. MATE does a lot of things automatically but in its own way, while Lua gives you more flexibility but you have to type much more to achieve the goal.