Make it easier to see what is going on with SIGTRAN/Diameter/GTP signalling in Wireshark by colorizing the packets according to their type.
To install the rules, create a new profile in Wireshark and then
either copy the colorfilters file into the new directory of the
profile or, if a colorfilters file already exists for the in that
diretory, concatenate the two files.
These rules have been tested mostly with interconnect traffic between networks. For other traffic (especially Diameter and GTP) your mileage might vary.
This is how the packets will be colorized:
| Message Type | Color |
|---|---|
| MAP/CAMEL invoke / ... in a TCAP Continue |   |
| MAP/CAMEL returnResult(Not)Last / ... in a TCAP Continue |   |
| MAP/CAMEL returnError or reject / ... in a TCAP Continue |   |
| Empty TCAP Begin |  |
| Empty TCAP Continue or End |  |
| TCAP Abort |  |
| SCCP (X)UDTS |  |
| Diameter request | |
| Diameter answer successful (2001) | |
| Diameter answer with application error | |
| Diameter answer with protocol error | |
| GTP request | |
| GTP accepted | |
| GTP error | |