Wireshark-bugs: [Wireshark-bugs] [Bug 11144] New: diameter packages missing in text format

Date: Fri, 24 Apr 2015 11:34:31 +0000
Bug ID 11144
Summary diameter packages missing in text format
Product Wireshark
Version 1.12.4
Hardware x86-64
OS SuSE
Status UNCONFIRMED
Severity Normal
Priority Low
Component Common utilities (libwsutil)
Assignee [email protected]
Reporter [email protected]

Created attachment 13574 [details]
the capture file described in the bug report

Build Information:
TShark 1.12.4 (Git Rev Unknown from unknown)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.42.1, with libpcap, with libz 1.2.8, with POSIX
capabilities (Linux), with libnl 3, with SMI 0.4.8, with c-ares 1.10.0, with
Lua
5.2, without Python, with GnuTLS 3.2.18, with Gcrypt 1.6.1, with MIT Kerberos,
with GeoIP.

Running on Linux 3.16.6-2-desktop, with locale en_US.UTF-8, with libpcap
version
1.6.2, with libz 1.2.8.
Intel(R) Core(TM) i5-4300M CPU @ 2.60GHz

Built using gcc 4.8.3 20140627 [gcc-4_8-branchrevision 212064].
--
I have captured some packets via the following command: 'tshark -w
capture.raw'. I then extracted a readable format of diameter messages from the
capture as so: 'tshark -r capture.raw -Y 'diameter' > capture.tshark'. I
noticed my diameter application had recorded a few messages which were not
recorded in the 'capture.tshark' file. Once I opened the 'capture.raw' file in
the Wireshark GUI I was able to locate the missing entries. Even the filters
worked (e.g. diameter.hopbyhopid == 0x553a25de). I also noticed while exporting
the packet dissections as plain text from the Wireshark GUI the messages get
lost again. However when I export the dissections as detailed XML the entries
can be found.

Here is a list of missing diameter messages or rather the appropriate HopByHop
IDs:
553a25de
553a25f6
553a25f8
553a25fa
553a25fb
553a25fe
553a25ff
553a2600
553a2601
553a2604
553a2605
553a25de
553a25f8
553a25fa
553a25ff
553a2600
553a25fe
553a2605
553a25f6
553a2601
553a25fb
553a2604

The capture file is attached.


You are receiving this mail because:
  • You are watching all bug changes.