How to Filter Diameter Traces in Wireshark

Here are some useful Diameter filters for Wireshark that will help you view the Diameter packets that you want to see during testing or troubleshooting.

How To Set Up a Diameter Filter

Typically Diameter uses TCP or SCTP as its transport protocol and the default port number is 3868.

So we could set up a filter on this port using the following capture-filter expression (it matches Diameter over TCP only):

tcp port 3868

But there’s a quicker way. Simply use the following display filter:

diameter

Yes, it’s really that simple!

Here is how it looks…

How To Remove Unwanted Diameter Messages

You may notice in the above screenshot that all Diameter messages are visible including the Diameter watchdog messages, Device Watchdog Request (DWR) and Device Watchdog Answer (DWA).

Normally, we don’t want to see the watchdogs so we can use this filter to hide them from view:

diameter and not diameter.cmd.code==280

As all watchdog messages have a command code of 280, this filter command will hide them from view as can be seen below…

How To Set Up a Filter For Diameter Error Codes

Filtering for specific error codes within the Diameter messages can also be useful.

Let’s say that we were looking for messages with a Diameter error code of 3003 (DIAMETER_REALM_NOT_SERVED).

To achieve this we could use the following filter:

diameter and diameter.Result-Code==3003

This allows us to home in on messages that have caused errors:
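What the two display filters above match on the wire, as an added example that is not part of the original article: a Python parser for the Diameter header and top-level AVPs, following the RFC 6733 layout. The helper names and sample messages are constructed for illustration; command code 272 (Credit-Control) stands in for ordinary traffic, and Result-Code AVPs nested inside grouped AVPs are not examined.

```python
import struct

WATCHDOG_CMD = 280     # DWR/DWA command code, as used in the filter above
RESULT_CODE_AVP = 268  # AVP code of Result-Code (RFC 6733)

def build_avp(code, data, flags=0x40):
    """Encode one AVP without Vendor-Id, padded to a 4-byte boundary."""
    length = 8 + len(data)
    return (struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
            + data + b"\x00" * ((-length) % 4))

def build_msg(cmd, request, avps=b""):
    """Encode a Diameter message (constructed sample input, not a capture)."""
    length = 20 + len(avps)
    return (b"\x01" + length.to_bytes(3, "big")
            + bytes([0x80 if request else 0x00]) + cmd.to_bytes(3, "big")
            + struct.pack("!III", 0, 1, 1) + avps)  # app id, hop-by-hop, end-to-end

def parse(msg):
    """Return (command_code, is_request, top-level Result-Code or None)."""
    if len(msg) < 20 or msg[0] != 1:
        raise ValueError("not a Diameter version 1 message")
    length = int.from_bytes(msg[1:4], "big")
    if length < 20 or length > len(msg):
        raise ValueError("bad message length")
    cmd, is_request = int.from_bytes(msg[5:8], "big"), bool(msg[4] & 0x80)
    result, off = None, 20
    while off + 8 <= length:
        code, flags = struct.unpack("!IB", msg[off:off + 5])
        alen = int.from_bytes(msg[off + 5:off + 8], "big")
        hdr = 12 if flags & 0x80 else 8      # V bit set: Vendor-Id follows
        if alen < hdr or off + alen > length:
            raise ValueError("bad AVP length")
        if code == RESULT_CODE_AVP and alen - hdr == 4:
            result = int.from_bytes(msg[off + hdr:off + alen], "big")
        off += alen + (-alen) % 4            # skip padding to next AVP
    return cmd, is_request, result

def apply_filters(messages):
    """Mimic 'not diameter.cmd.code==280' and 'diameter.Result-Code==3003'."""
    parsed = [parse(m) for m in messages]
    return ([p for p in parsed if p[0] != WATCHDOG_CMD],
            [p for p in parsed if p[2] == 3003])

SAMPLE = [  # constructed: DWR, DWA (2001), request 272, answer 272 (3003)
    build_msg(280, True),
    build_msg(280, False, build_avp(268, struct.pack("!I", 2001))),
    build_msg(272, True),
    build_msg(272, False, build_avp(268, struct.pack("!I", 3003))),
]
```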

Hopefully that’s been a useful introduction to some of the great Wireshark filtering tools – you’ll soon be zooming in on the Diameter messages you want in seconds!
