Wireshark-users: Re: [Wireshark-users] How to decode AVP 1003 and 1022 ??

From: "Leonard Wu \(liwu\)" <liwu@xxxxxxxxx>
Date: Mon, 27 Aug 2007 12:41:20 -0700
Hi,
 
I ve added the following to dictionary.xml, but wirehshark does not decode it:
 

<avp name="AGW-IP-Address" code="1003" mandatory="may" vendor-bit="must" may-encrypt="no">

<type type-name="IPAddress"/>

</avp>

<avp name="Access-Network-Charging identifier-Ty" code="1022" mandatory="may" vendor-bit="must" vendor-id="3GPP" may-encrypt="no">

<type type-name="UTF8String"/>

</avp>

 

Thanks,

Leonard

 



From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Sunday, August 26, 2007 3:45 AM
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] How to decode AVP 1003 and 1022 ??

Hi,

Have a look in /diameter/dictionary.xml I think it also holds the reference to the relevant 3GPP specification.

Please send us any update as a patch for inclusion into Wireshark.

Regards

Anders

 


Från: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] För Leonard Wu (liwu)
Skickat: den 26 augusti 2007 09:07
Till: wireshark-users@xxxxxxxxxxxxx
Ämne: [Wireshark-users] How to decode AVP 1003 and 1022 ??

 

Hi,

 

My wireshark can't decode AVP 1003 and 1022 as below:

 

Unknown AVP:0x000003eb (1003) (OctetString) l:0x12 (18 bytes) (20 padded bytes)

    AVP Code: Unknown AVP:0x000003eb (1003) (1003)

    AVP Flags: 0xc0 (Mandatory, Vendor-Specific)

    AVP Length: 18

    AVP Vendor Id: 3rd Generation Partnership Project 2 (3GPP2) (5535)

    Hex Data Highlighted Below

 

Unknown AVP:0x000003fe (1022) (OctetString) l:0x20 (32 bytes) (32 padded bytes)

    AVP Code: Unknown AVP:0x000003fe (1022) (1022)

    AVP Flags: 0xc0 (Mandatory, Vendor-Specific)

    AVP Length: 32

    AVP Vendor Id: 3GPP (10415)

    Hex Data Highlighted Below

 

===

 

I really appreciate if Someone can provide me with some guidance. It has blocked my testing work.

Is that because wireshark is dictionary-driven and it is possible that not all the AVPs have been loaded into it.

Is it possible to add new AVPs ?

 

Thanks,

Leonard