Packets 8 and onwards look like they're the update Gy messages I'm looking for, but Wireshark is not decoding them as Diameter. Tried to force-decode it using the "Decode as" option, but no dice. Expert info on the SEQ/ACK analysis tells me that these are suspected TCP retransmissions (of the initial Diameter messages), which they're not.
A workaround I came up with is to mark and export the Diameter request-answer pairs into their own pcap files, so Wireshark is able to decode them properly. Not the most elegant solution - quite time-consuming - but it works.
Gave it some thought, and found an even better solution. Go to Edit --> Preferences --> Protocols --> TCP, and disable Analyze TCP sequence numbers.
Voila!
No comments:
Post a Comment