I’ve spent many happy hours looking at Diameter traces, so here are some useful ways of setting up Wireshark filters to help cut through the noise and get to the packets you want to see.
Typically Diameter uses TCP or SCTP as its transport protocol, and the default port number is 3868. You could set up a capture filter on this port using the following command:
tcp port 3868
But there’s a quicker way: simply use the protocol name as the display filter:
diameter
Yes, that’s it! Here is how it looks…
You may notice in the above screenshot that all Diameter messages are visible including the Diameter watchdog messages, Device Watchdog Request (DWR) and Device Watchdog Answer (DWA). It’s unlikely that you will normally want to see the watchdogs so use this filter to hide them from view:
diameter and not diameter.cmd.code==280
As all watchdog messages have a command code of 280, this filter command will hide them from view as you can see below…
Filtering for specific Error Codes can also be useful. Let’s say that we were looking for messages with a Diameter Error Code of 3003 (DIAMETER_REALM_NOT_SERVED). To do that we could use the following filter:
diameter and diameter.Result-Code==3003
This allows us to home in on messages that have caused errors:
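What the two display filters above test inside each message, as an added example that is not from the original post: a minimal Diameter parser (header and AVP layout per RFC 6733) run over constructed sample messages. The helper names and the sample traffic are assumptions made for illustration.

```python
import struct

WATCHDOG_CMD = 280        # DWR/DWA, the messages hidden by diameter.cmd.code==280
RESULT_CODE_AVP = 268     # AVP code of Result-Code (RFC 6733)

def build_avp(code, data, flags=0x40):
    """Encode one AVP without Vendor-ID; data is padded to a 4-byte boundary."""
    length = 8 + len(data)                       # AVP length excludes padding
    head = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    return head + data + b"\x00" * (-len(data) % 4)

def build_msg(cmd, request, avps=b""):
    """Encode a Diameter message: 20-byte header followed by AVPs."""
    flags = 0x80 if request else 0x00            # R bit marks a request
    length = 20 + len(avps)
    return (b"\x01" + length.to_bytes(3, "big") + bytes([flags])
            + cmd.to_bytes(3, "big") + struct.pack("!III", 0, 1, 1) + avps)

def parse(msg):
    """Return (command_code, is_request, result_code or None)."""
    length = int.from_bytes(msg[1:4], "big")
    if len(msg) < 20 or msg[0] != 1 or not 20 <= length <= len(msg):
        raise ValueError("malformed Diameter header")
    cmd, result, pos = int.from_bytes(msg[5:8], "big"), None, 20
    while pos + 8 <= length:
        code, flags = struct.unpack("!IB", msg[pos:pos + 5])
        alen = int.from_bytes(msg[pos + 5:pos + 8], "big")
        hdr = 12 if flags & 0x80 else 8          # V bit adds a Vendor-ID field
        if alen < hdr or pos + alen > length:
            raise ValueError("bad AVP length")
        if code == RESULT_CODE_AVP and hdr == 8 and alen == 12:
            result = struct.unpack("!I", msg[pos + 8:pos + 12])[0]
        pos += alen + (-alen % 4)                # skip padding to the next AVP
    return cmd, bool(msg[4] & 0x80), result

def hide_watchdogs(msgs):       # diameter and not diameter.cmd.code==280
    return [m for m in msgs if parse(m)[0] != WATCHDOG_CMD]
def with_result(msgs, rc):      # diameter and diameter.Result-Code==<rc>
    return [m for m in msgs if parse(m)[2] == rc]

# Constructed sample traffic: a watchdog pair, one request and two answers.
u32 = lambda v: struct.pack("!I", v)
SAMPLE = [
    build_msg(280, True),
    build_msg(280, False, build_avp(268, u32(2001))),
    build_msg(272, True, build_avp(263, b"sess;1")),
    build_msg(272, False, build_avp(263, b"sess;1") + build_avp(268, u32(3003))),
    build_msg(272, False, build_avp(268, u32(2001))),
]
```

Filtering on a Result-Code alone still returns watchdog answers that carry that code, which is why the post's filters are worth combining when both conditions matter.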
Well I hope that’s been useful in helping you get to grips with some of the great Wireshark filtering tools – you’ll soon be zooming in on the messages you want in seconds!