Wireshark-users: Re: [Wireshark-users] Unknown AVP problem
From: "Martin Mathieson" <martin.r.mathieson@xxxxxxxxxxxxxx>
Date: Thu, 3 Apr 2008 05:36:08 +0100
You had 2 problems:

1) Your file really wasn't well-formed; there was an unclosed comment at line 2342, and you need to delete that!
2) The vendor ID *wasn't* being set at all in the XML file, whereas it is set in the capture (I still haven't seen the spec).  But it's not 3GPP, it's 3GPP2 in the capture file.

The AVP definition that worked for me was as follows:

        <avp name="Flow-Operation" code="800" mandatory="must" may-encrypt="yes" vendor-bit="may" vendor-id="3GPP2">
            <type type-name="Enumerated"/>
            <enum name="TERMINATION" code="0"/>
            <enum name="ESTABLISHMENT" code="1"/>
            <enum name="MODIFICATION" code="2"/>
        </avp>

When you get the APP id, commands, and AVPs working, please do open a request in bugzilla http://bugs.wireshark.org and attach a patch to an up-to-date dictionary.xml.

Best regards,
Martin
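
The two failure modes named in this reply (a dictionary that is not well-formed, and an AVP whose vendor-id is missing or differs from the capture) can be checked before loading the file into Wireshark. The following Python sketch is an added example, not code from the thread or from Wireshark; the sample dictionaries are constructed, single-file fragments with no external entity includes, and the plain string comparison of vendor-id is a simplification of whatever the dissector does.

```python
import xml.etree.ElementTree as ET

# AVP taken from the reply above; {vendor} is filled in per sample.
AVP = ('<avp name="Flow-Operation" code="800" mandatory="must" '
       'may-encrypt="yes" vendor-bit="may"{vendor}>'
       '<type type-name="Enumerated"/></avp>')

# Constructed sample dictionaries (not the poster's file).
SAMPLES = {
    "unclosed_comment": "<dictionary>\n<!-- Ty interface AVPs\n"
                        + AVP.format(vendor="") + "\n</dictionary>",
    "no_vendor": "<dictionary>" + AVP.format(vendor="") + "</dictionary>",
    "wrong_vendor": "<dictionary>"
                    + AVP.format(vendor=' vendor-id="3GPP"') + "</dictionary>",
    "fixed": "<dictionary>"
             + AVP.format(vendor=' vendor-id="3GPP2"') + "</dictionary>",
}


def diagnose(xml_text, code, vendor_id):
    """Return (status, detail) for one AVP code / vendor-id pair."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as err:
        # A parse failure means no definition in the file can be trusted.
        line, col = err.position
        return "not-well-formed", f"line {line}, column {col}: {err}"

    matches = [a for a in root.iter("avp") if a.get("code") == str(code)]
    if not matches:
        return "no-definition", f"no <avp> with code {code}"

    vendors = [a.get("vendor-id") for a in matches]
    if vendor_id in vendors:
        return "ok", f"code {code} defined for vendor {vendor_id}"
    if all(v is None for v in vendors):
        return "vendor-missing", f"code {code} has no vendor-id attribute"
    return "vendor-mismatch", f"code {code} defined for {vendors}"


if __name__ == "__main__":
    # The capture in the thread carried vendor 3GPP2 for AVP code 800.
    for name, text in SAMPLES.items():
        print(name, "->", *diagnose(text, 800, "3GPP2"))
```
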

On Wed, Apr 2, 2008 at 3:40 PM, Sabyasachi Samal <sabyasachisamal@xxxxxxxxx> wrote:
Hello Martin,
 
Thanks for your reply.
 
Yes, the vendor ID is correctly set as 3GPP. Regarding the dictionary.xml, it is opened in my web browser. You may be trying to open that in a location other than the specified Wireshark location, as it requires all the other linked files. Please try and let me know.
 
I am sending the capture trace also.
 
Regards,
Sabyasachi

 
On 4/2/08, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> wrote:
Hi,
I've only had a very quick look, and I haven't seen the Ty interface spec, but have you checked that the vendor ID is correctly set in your AVP definition?  The warning you're seeing below may need to be improved to make it clear that the vendor ID was also used in the comparison, and which one was found in the capture.

The other problem I noticed is that whereas the current dictionary.xml loads into my web browser, yours doesn't, suggesting that it may not be well-formed, which might mean that our parser also failed to load and use your AVP definition.

Hope this helps.

Martin

P.S.  It couldn't hurt to update to the shiny new Wireshark 1.0 either :)



On Wed, Apr 2, 2008 at 10:31 AM, Sabyasachi Samal <sabyasachisamal@xxxxxxxxx> wrote:
Hello Guys,
 
I am using Wireshark version 0.99.8. I want to capture Diameter stuff for the Ty interface. I am facing a problem while decoding the Flow-Operation AVP having AVP code = 800.
 
In wireshark it is showing as
                               AVP Code: 800 Unknown
                               Unknow AVP, if you know what this is you can add it to the dictionary.xml.
 
I have added that, but it is still showing the same error. I am attaching the directory.xml; can anyone have a look and please let me know if I have added it in the right way or if I have to modify something more.
 
Hope for your cooperation.

--
Regards,
  Sabyasachi Samal
  IMS Testing Solution
  Nethawk Networks India Pvt. Ltd.
  Bhubaneswar
  Orissa, India

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users


