There are various utilities available on Linux server, but here we are discussing the command that shall give you an exhaustive information for each AVP.
Kindly check tshark is installed.
[If any other utility is better than tshark,Do share, your suggestions are warmly welcome]
1) tshark -R diameter -V | grep 'Frame\|Arrival Time:\|Internet Protocol Version\|Src Port:\|Diameter Protocol\|Request:\|Command Code:\|AVP:\|Result-Code'
OutPut:
Frame 3534 (268 bytes on wire, 268 bytes captured)
Arrival Time: Apr 15, 2013 15:47:01.412548000
Frame Number: 3534
Frame Length: 268 bytes
[Frame is marked: False]
Transmission Control Protocol, Src Port: 38275 (38275), Dst Port: avocent-adsap (3871), Seq: 1, Ack: 1, Len: 200
Diameter Protocol
1... .... = Request: Set
Command Code: 257 Capabilities-Exchange
AVP: Origin-Host(264) l=19 f=-M- val=101.134.771.143
AVP: Origin-Realm(296) l=26 f=-M- val=abc123.ABC.org
AVP: Host-IP-Address(257) l=14 f=-M- val=101.134.771.143 (101.134.771.143)
AVP: Vendor-Id(266) l=12 f=-M- val=11
AVP: Product-Name(269) l=23 f=--- val= Cx Interface
AVP: Origin-State-Id(278) l=12 f=-M- val=1094807040
AVP: Supported-Vendor-Id(265) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP CX/DX (16777216)
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=11
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP CX/DX (16777216)
AVP: Firmware-Revision(267) l=12 f=--- val=1
Frame 3543 (408 bytes on wire, 408 bytes captured)
Arrival Time: Apr 15, 2013 15:47:01.418472000
Frame Number: 3543
Frame Length: 408 bytes
[Frame is marked: False]
Transmission Control Protocol, Src Port: avocent-adsap (3871), Dst Port: 38275 (38275), Seq: 1, Ack: 201, Len: 340
Diameter Protocol
0... .... = Request: Not set
Command Code: 257 Capabilities-Exchange
AVP: Origin-Host(264) l=28 f=-M- val=abc.xyz.com
AVP: Origin-Realm(296) l=23 f=-M- val=xyz.com
AVP: Result-Code(268) l=12 f=-M- val=DIAMETER_SUCCESS (2001)
AVP Code: 268 Result-Code
Result-Code: DIAMETER_SUCCESS (2001)
AVP: Host-IP-Address(257) l=14 f=-M- val=222.222.222.222 (222.222.222.222)
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Product-Name(269) l=11 f=--- val=HSS
AVP: Inband-Security-Id(299) l=12 f=-M- val=NO_INBAND_SECURITY (0)
AVP: Firmware-Revision(267) l=12 f=--- val=1
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP CX/DX (16777216)
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=Unknown (16777291)
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP S13 (16777252)
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP S6a (16777251)
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP Zh (16777221)
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP Sh (16777217)
Frame 3546 (392 bytes on wire, 392 bytes captured)
Arrival Time: Apr 15, 2013 15:47:01.423330000
Frame Number: 3546
Frame Length: 392 bytes
[Frame is marked: False]
Arrival Time: Apr 15, 2013 15:47:01.412548000
Frame Number: 3534
Frame Length: 268 bytes
[Frame is marked: False]
Transmission Control Protocol, Src Port: 38275 (38275), Dst Port: avocent-adsap (3871), Seq: 1, Ack: 1, Len: 200
Diameter Protocol
1... .... = Request: Set
Command Code: 257 Capabilities-Exchange
AVP: Origin-Host(264) l=19 f=-M- val=101.134.771.143
AVP: Origin-Realm(296) l=26 f=-M- val=abc123.ABC.org
AVP: Host-IP-Address(257) l=14 f=-M- val=101.134.771.143 (101.134.771.143)
AVP: Vendor-Id(266) l=12 f=-M- val=11
AVP: Product-Name(269) l=23 f=--- val= Cx Interface
AVP: Origin-State-Id(278) l=12 f=-M- val=1094807040
AVP: Supported-Vendor-Id(265) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP CX/DX (16777216)
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=11
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP CX/DX (16777216)
AVP: Firmware-Revision(267) l=12 f=--- val=1
Frame 3543 (408 bytes on wire, 408 bytes captured)
Arrival Time: Apr 15, 2013 15:47:01.418472000
Frame Number: 3543
Frame Length: 408 bytes
[Frame is marked: False]
Transmission Control Protocol, Src Port: avocent-adsap (3871), Dst Port: 38275 (38275), Seq: 1, Ack: 201, Len: 340
Diameter Protocol
0... .... = Request: Not set
Command Code: 257 Capabilities-Exchange
AVP: Origin-Host(264) l=28 f=-M- val=abc.xyz.com
AVP: Origin-Realm(296) l=23 f=-M- val=xyz.com
AVP: Result-Code(268) l=12 f=-M- val=DIAMETER_SUCCESS (2001)
AVP Code: 268 Result-Code
Result-Code: DIAMETER_SUCCESS (2001)
AVP: Host-IP-Address(257) l=14 f=-M- val=222.222.222.222 (222.222.222.222)
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Product-Name(269) l=11 f=--- val=HSS
AVP: Inband-Security-Id(299) l=12 f=-M- val=NO_INBAND_SECURITY (0)
AVP: Firmware-Revision(267) l=12 f=--- val=1
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP CX/DX (16777216)
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=Unknown (16777291)
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP S13 (16777252)
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP S6a (16777251)
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP Zh (16777221)
AVP: Vendor-Specific-Application-Id(260) l=32 f=-M-
AVP: Vendor-Id(266) l=12 f=-M- val=10415
AVP: Auth-Application-Id(258) l=12 f=-M- val=3GPP Sh (16777217)
Frame 3546 (392 bytes on wire, 392 bytes captured)
Arrival Time: Apr 15, 2013 15:47:01.423330000
Frame Number: 3546
Frame Length: 392 bytes
[Frame is marked: False]
2) Extreme Exhaustive Info.
tshark -R diameter -V
3) Command to capture PCAP file Log-Rotate.
tshark -b filesize:10240 -a files:1000 -w capture.pcap
[It shall stop after writing 1000 files.]
tshark -f sctp port 3868 -i eth0 -b filesize:10240 -b duration:300 -w log.pcap
[It shall capture continuously and shall create new file when file size reaches to 10240 or 300 seconds are passed ]
Your Comments /Suggestions and Questions are always welcome, shall clarify with best of knowledge. So feel free to put Questions.
nice tip. thanks!!!
ReplyDeletetcpdump is another option
ReplyDeletetcpdump -s 0 -i any host \( ip1 or ip2, etc\) -w /filename
Please can you inform me how you set vendor id & auth-application id and also host ip address perfectly ??? It is very argent
ReplyDeleteHi Shahriar Kamal,
DeleteThis blog about capturing the information from Network. Vendor-ID, Application-ID and IP etc are to be set in application. Every software Vendors/Companies have their own way to set configuration details in application.
Kindly elaborate more, what's exactly your point.
Thanks for your query.
Happy to help you again.
Team-Diameter
Really kind reply..Normally people just ignore. Good work. This is my first visit to this site.
DeleteHi
DeleteThanks for appreciating our efforts.
Team-Diameter
Hi Team ,
ReplyDeletekindly any body help me to know the use of RATING GROUP in diameter, and why it need to set mandatory ?
If you have an online charging system controlling your charging functionality and a PCRF controlling your policy application,then to charge a data session of a user the PCRF responds with Rating Group avp to PGW,which PGW uses to notify the Online charging system.
DeleteOnce online charging system receives the CC-R from PGW with rating group,the Online Charging system can do charging based on the Rating Group identifier received in the CCR from PGW
Any body can help me out to get PDF of this " Sip: Understanding the Session Initiation Protocol, Fourth Edition 4th ed. Edition
ReplyDeleteby Alan B Johnston (Author) "
hi team,
ReplyDeletei have some Doubt..
(1)what is "COMMAND" & "Application id"??
(2)if server sends a RAR msg to client. what will be the format for msg. like in message there will be mention that this is "RAR" msg or using corresponding code 258 Decimal.
(3)How can we use application ID in message format??
in ims registration i-cscf what does send in the uar, to hss, hss what will reply to i-cscf in uaa
ReplyDeleteWhen you look into Cx-Registration, the I-CSCF looks for the S-CSCF address, for that it ask the scscf address/scscf capabilities from HSS. if HSS have the SCSCF assigned (SUBSQUENT REGISTRATION (UAR after MAR)) for that subscriber, it provides the name, otherwise server capabilities(FIRST REGISTRATION). kindly refer 29.228 for complete details.
Deletethanks, your help for more detail about tshark in diameter
ReplyDelete