contrib/wireshark/sample/README - freeDiameter-old - Gitiles

 This folder contains an example capture file, as well as the two
 private keys required to decode the TLS-protected exchanges.

 In order to decrypt properly the packets, you'll need a patched wireshark (see parent directory)
 and the SSL "RSA Private Keys" properties set to (replace with real full path):
   192.168.103.10,3869,diameter,freeDiameter/contrib/wireshark/sample/192.168.103.10.priv.pem;192.168.103.20,3869,diameter,freeDiameter/contrib/wireshark/sample/192.168.103.20.priv.pem


 This capture contains everything that was exchanged by the peer since it boot up.
 The captured peer is "relay.a.rt.freediameter.net" with IP address 192.168.103.20.

 Here is the detail of what you can see in the capture, if the decyphering
 works as expected, in chronological order:

 -----------------------------------------------------------------------------
 Frames		| Comments
 -----------------------------------------------------------------------------
 1-24		| Peer booting up: DHCP, NTP, ...
 		|
 25-29		| Connection attempt from 192.168.103.10
 		|   first attempt on SCTP (frames 26-27)
 		|   then on TCP (frames 28-29)
 		|
 32-35		| freeDiameter starting: Diameter Identities
 		|   from the peer's configuration file are
 		|   DNS resolved.
 		|
 36-39		| SCTP connection to 192.168.103.10
 		|
 40-45		| Failed attempt to connect to 192.168.103.30
 		|   where freeDiameter was not started.
 		|
 46-49		| (I think this is trigged by Debug output,
 		|   I have to check)
 		|
 50-73		| TLS handshake on first stream pair (#0).
 		|
 74-90		| Resumed handshakes on streams #1 and #2 in parallel.
 		|   (not sure where to find that it is resumed,
 		|    except that certificates are not re-exchanged)
 		|
 91-92		| CER/CEA exchange.
 93-96		| DWR/DWA exchange.
 		|
 103-118		| SCTP heartbeats are exchanged more frequently than DWR/DWA.
 		|
 119-124		| Concurrent DWR/DWA (it happens sometimes)
 		|
 125-128		| Another failed attempt to 192.168.103.30 (cf. frames 40-45)
 		|
 137-140		| DPR/DPA exchange.
 		|
 141-153		| TLS clean shutdown on all streams in parallel.
 		|
 154-157		| SCTP association is closed.
 -----------------------------------------------------------------------------
	This folder contains an example capture file, as well as the two
	private keys required to decode the TLS-protected exchanges.

	In order to decrypt properly the packets, you'll need a patched wireshark (see parent directory)
	and the SSL "RSA Private Keys" properties set to (replace with real full path):
	192.168.103.10,3869,diameter,freeDiameter/contrib/wireshark/sample/192.168.103.10.priv.pem;192.168.103.20,3869,diameter,freeDiameter/contrib/wireshark/sample/192.168.103.20.priv.pem


	This capture contains everything that was exchanged by the peer since it boot up.
	The captured peer is "relay.a.rt.freediameter.net" with IP address 192.168.103.20.

	Here is the detail of what you can see in the capture, if the decyphering
	works as expected, in chronological order:

	-----------------------------------------------------------------------------
	Frames \| Comments
	-----------------------------------------------------------------------------
	1-24 \| Peer booting up: DHCP, NTP, ...
	\|
	25-29 \| Connection attempt from 192.168.103.10
	\| first attempt on SCTP (frames 26-27)
	\| then on TCP (frames 28-29)
	\|
	32-35 \| freeDiameter starting: Diameter Identities
	\| from the peer's configuration file are
	\| DNS resolved.
	\|
	36-39 \| SCTP connection to 192.168.103.10
	\|
	40-45 \| Failed attempt to connect to 192.168.103.30
	\| where freeDiameter was not started.
	\|
	46-49 \| (I think this is trigged by Debug output,
	\| I have to check)
	\|
	50-73 \| TLS handshake on first stream pair (#0).
	\|
	74-90 \| Resumed handshakes on streams #1 and #2 in parallel.
	\| (not sure where to find that it is resumed,
	\| except that certificates are not re-exchanged)
	\|
	91-92 \| CER/CEA exchange.
	93-96 \| DWR/DWA exchange.
	\|
	103-118 \| SCTP heartbeats are exchanged more frequently than DWR/DWA.
	\|
	119-124 \| Concurrent DWR/DWA (it happens sometimes)
	\|
	125-128 \| Another failed attempt to 192.168.103.30 (cf. frames 40-45)
	\|
	137-140 \| DPR/DPA exchange.
	\|
	141-153 \| TLS clean shutdown on all streams in parallel.
	\|
	154-157 \| SCTP association is closed.
	-----------------------------------------------------------------------------