KS02021/001: How to filter different fields with the same name in the same packet from Wireshark?
Everybody who already worked with Diameter protocol, specifically with DCCA application (Gy interface) knows that it's difficult to filter errors based on Result-Code at MSCC level and at same time excluding the Result-Code at Command level.
They have the same name (result-code), the first one at command level specifies the result of the transaction between client and server and the others (we can have 1 to x different active services) specifies the result of the service request for one specific session (subscriber).
Since from wireshark we don't have a way to filter them differentialy (*Diameter.Result-Code* for cmd and mscc level), I found a way to do it based on frame and their interval-bytes as you can see in the image below.
Note: you can combine this sintaxe with application-id avp in order to guarantee that you are filtering only Gy traffic (excluding Gx or other diameter traffic in the pcap like DWR/A, etc).
This was my first technical article and my english isn't my native language, so sorry for that. Any contribution to improve the article will be welcome.
#telco #telecom #mobilenetwork #diameter #knowledgesharing #gyinterface #wireshark #wiresharkfilters #onlinecharging #pcef
5GC Engineer, Cloud Packet Core Solution Architect, EPC Core Network Engineer, CCNA, ITILV4...
3 年Well done Erivelto!
Great initiative Erivelto A., congratulations on the article. That knowledge is really useful to debug network-related issues. I use Grammarly (https://www.grammarly.com/) to help with writing and grammar, so I think it can help you too. Cheers, and I wish you all the best!
IT Technician at Unitel, SA | Front-End Development | HTML5 | CSS3 | Python | Docker| CICD| Git |
3 年Congrats bro.