Diameter: Unknown Application Id upon decoding using tshark - wireshark

I am trying to decode raw frames of a Diameter call using tshark, but all the fields (Command code, Application Id, AVPs) are labelled as 'Unknown'. This labelling is followed by the sentence 'if you know what this is you can add it to dictionary.xml'. Am I missing some options? How do I resolve this issue?

For sure, the protocol you're trying to decode (3GPP Cx) is part of Wireshark off-the-shelf dictionary:
jhartman#mbp wireshark-master % grep 16777216 -A 10 diameter/TGPP.xml
<application id="16777216" name="3GPP Cx" uri="http://www.3gpp.org/DynaReport/29229.htm">
<!-- IMS Cx Dx Application -->
<command name="User-Authorization" code="300" vendor-id="TGPP"/>
<command name="Server-Assignment" code="301" vendor-id="TGPP"/>
<command name="Location-Info" code="302" vendor-id="TGPP"/>
<command name="Multimedia-Auth" code="303" vendor-id="TGPP"/>
<command name="Registration-Termination" code="304" vendor-id="TGPP"/>
<command name="Push-Profile" code="305" vendor-id="TGPP"/>
My suggestions:
Download the latest version of Wireshark
Ensure Wireshark interprets the log as Diameter: select a frame and choose "Decode As" from the contextual menu, then select "Diameter"
Finally: the screenshot does not have other details, perhaps you could share a few frames from your log to analyse.
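To check what the raw frames actually carry before looking at the dictionary, the fixed Diameter header can be decoded by hand. This is an added example, not part of the original answer: it follows the header layout of RFC 6733, its name tables contain only the entries from the TGPP.xml excerpt above, and the sample bytes are constructed.

```python
import struct

# Name tables limited to the TGPP.xml excerpt quoted above.
APPLICATIONS = {16777216: "3GPP Cx"}
CX_COMMANDS = {
    300: "User-Authorization", 301: "Server-Assignment", 302: "Location-Info",
    303: "Multimedia-Auth", 304: "Registration-Termination", 305: "Push-Profile",
}

def parse_diameter_header(data: bytes) -> dict:
    """Decode the fixed 20-byte Diameter header (RFC 6733, section 3)."""
    if len(data) < 20:
        raise ValueError("a Diameter header is 20 bytes")
    ver_len, flags_code, app_id, hop_by_hop, end_to_end = struct.unpack("!5I", data[:20])
    version, length = ver_len >> 24, ver_len & 0xFFFFFF
    flags, code = flags_code >> 24, flags_code & 0xFFFFFF
    if version != 1:
        raise ValueError(f"version {version} is not Diameter (expected 1); wrong offset or protocol?")
    if length < 20 or length % 4:
        raise ValueError(f"message length {length} is not a multiple of 4 that is >= 20")
    is_request = bool(flags & 0x80)  # R bit
    name = CX_COMMANDS.get(code) if app_id == 16777216 else None
    return {
        "length": length,
        "request": is_request,
        "proxiable": bool(flags & 0x40),  # P bit
        "error": bool(flags & 0x20),      # E bit
        "command_code": code,
        "command": f"{name}-{'Request' if is_request else 'Answer'}" if name else "Unknown",
        "application_id": app_id,
        "application": APPLICATIONS.get(app_id, "Unknown"),
        "hop_by_hop": hop_by_hop,
        "end_to_end": end_to_end,
    }

# Constructed sample: header of a Cx User-Authorization-Request with no AVPs.
SAMPLE = struct.pack("!5I", (1 << 24) | 20, (0xC0 << 24) | 300, 16777216, 0x11111111, 0x22222222)

if __name__ == "__main__":
    print(parse_diameter_header(SAMPLE))
    try:
        # Same bytes behind a constructed 4-byte prefix: no longer at a message boundary.
        parse_diameter_header(b"\x00\x00\x0e\x1c" + SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```

If the bytes handed to the parser do not start at a Diameter message boundary, the version check fails immediately, which is the hand-decoded equivalent of confirming that the frame is really being interpreted as Diameter.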

Related

ANT script : xmlcatalog not reading local dtd

I have an XML file named TIBCOUniversalInstaller_TRA_5.10.0.silent, shown below. I want to replace values in the XML file using a "replace" target in an Ant script, using the xmltask task.
The XML file is below:
<?xml version="1.0"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<comment>---Universal Installer Silent Installation Properties---</comment>
<!--accept the license agreement-->
<entry key="acceptLicense">true</entry>
<entry key="installationRoot">/opt/tibco</entry>
<entry key="environmentName">TRA</entry>
</properties>
At the time of parsing the XML file, my server cannot reach java.sun.com, so I downloaded properties.dtd to my local machine, and using the xmlcatalog task I am forcing the Ant script to read the local copy of properties.dtd. Below is my Ant script:
<xmlcatalog id="dtd">
<dtd publicId="SYSTEM" location="/home/tibco/BW-AUTOMATION-PROJECT/Environments/properties.dtd"/>
</xmlcatalog>
<xmltask source="${TRASoftwareFolder}/TIBCOUniversalInstaller_TRA_5.10.0.silent" dest="${TRASoftwareFolder}/TIBCOUniversalInstaller_TRA_5.10.0.silent">
<xmlcatalog refid="dtd">
</xmlcatalog>
<replace path="/:properties/:entry/:[@key='installationRoot']/text()"
withText="/home/tibco"/>
</xmltask>
But still, at the time of parsing the XML contents, it goes to http://java.sun.com/dtd/properties.dtd every time and I get a "Connection Refused Error".
When I debugged, I saw the output below, which I believe may be the issue; it always goes to the website instead of the local DTD file.
DEBUG LOGS:
"No matching catalog entry found, parser will use: 'http://java.sun.com/dtd/properties.dtd'"
I believe it is because I gave "SYSTEM" as the value of the "publicId" attribute inside the dtd element.
Can you please advise what the correct value for the "publicId" attribute should be for this DTD so that it matches the catalog at the time of parsing?
If there is another way of reading/replacing this XML file, please advise.
Thanks

BiosInitTime from Hibernate Resume ETW trace

Looking at the "BiosInitTime" from ETW events parsed using "tracerpt.exe", I noticed that for hibernate/S4 resume it's always 0 (see example at the end). The same happened with ETL traces collected directly using XPERF or via the ADK Windows Assessment Console. But via WAC/WPA analysis & GUI, the BIOS will be shown. So it appears the information is there but "tracerpt.exe" is parsing the wrong events to calculate "BiosInitTime".
What specific start/stop events should I check to calculate the BIOS init time from an ETL trace, say, using xperf?
Thanks
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>39</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>33</Task>
<Opcode>0</Opcode>
<Keywords>0x400000000000000C</Keywords>
<TimeCreated SystemTime="2016-02-03T15:08:43.601479000Z" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessID="4" ThreadID="3140" ProcessorID="0" KernelTime="180" UserTime="0" />
<Channel>Microsoft-Windows-Kernel-Power/Diagnostic</Channel>
<Computer />
</System>
<EventData>
<Data Name="SleepTime"> 1546</Data>
<Data Name="ResumeTime"> 769</Data>
<Data Name="DriverWakeTime"> 715</Data>
<Data Name="HiberWriteTime"> 2999</Data>
<Data Name="HiberReadTime"> 1862</Data>
<Data Name="HiberPagesWritten"> 148964</Data>
**<Data Name="BiosInitTime"> 0</Data>**
</EventData>
<RenderingInfo Culture="en-US">
<Level>Information </Level>
<Opcode>Info </Opcode>
<Keywords>
<Keyword>po:Diagnostic</Keyword>
<Keyword>po:Performance</Keyword>
</Keywords>
<Task>PowerTransition</Task>
<Channel>Microsoft-Windows-Kernel-Power/Diagnostic</Channel>
<Provider>Microsoft-Windows-Kernel-Power </Provider>
</RenderingInfo>
The Microsoft-Windows-Kernel-Power events are not captured into the ETL when selecting hibernation in WPRUI.exe. You can see this if you open the ETL with PerfView and look in the raw event list.
So when you try to search for the BiosInitTime, it shows as 0. If you can see it when running the ADK Windows Assessment Console, this means that there the Microsoft-Windows-Kernel-Power events are captured.

error loading svm learning configuration file in gate tool

I am new to machine learning. When I tried learning through GATE, it showed an error. The learning configuration file is given below.
<?xml version="1.0"?>
<ML-CONFIG>
<SURROUND value="false"/>
<FILTERING ratio='0.2' dis='far'/>
<EVALUATION method="holdout" runs="2" ratio="0.66"/>
<multiClassification2Binary method="one-vs-anothers" thread-pool-size="2"/>
<PARAMETER name="thresholdProbabilityBoundary" value="1.0"/>
<PARAMETER name="thresholdProbabilityEntity" value="1.0"/>
<PARAMETER name="thresholdProbabilityClassification" value="0.0"/>
<IS-LABEL-UPDATABLE value="true"/>
<IS-NLPFEATURELIST-UPDATABLE value="true"/>
<ENGINE nickname="SVM" implementationName="SVMLibSvmJava" options = "-s 0 -t 1 -d 4 -c 5 -tau 1.2"/>
</ML-CONFIG>
The training attributes are inside this file. When I trained without the line containing the multiclass XML tag, it worked. When this line is added, an error like the one below is shown:
Caused by: org.jdom.input.JDOMParseException: Error on line 6 of document file:/home/cognicor/vagateplugin/scripts/ML_script/learningsvm: Element type "multiClassi" must be followed by either attribute specifications, ">" or "/>".
I don't know what this is or why it happens, and I am looking for a solution.
The problem is in the multiClassification2Binary string. There is a single glyph ﬁ that contains two joined characters "fi" together. You probably copied the text from some PDF... Simply replace ﬁ by fi and the error should go away.
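A way to locate such characters instead of spotting them by eye, as an added example that is not part of the original answer. It goes beyond the "fi" ligature and reports every character that has a Unicode compatibility decomposition (ligatures, no-break spaces, fullwidth forms); the sample configuration is constructed and the function names are hypothetical.

```python
import unicodedata
import xml.etree.ElementTree as ET

def find_compat_chars(text: str) -> list:
    """Return (line, column, character, Unicode name) for each compatibility character."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            # A decomposition tagged "<compat>", "<noBreak>", "<wide>", ... marks a
            # presentation form that looks like ordinary text but is a different code point.
            if unicodedata.decomposition(ch).startswith("<"):
                findings.append((line_no, col, ch, unicodedata.name(ch, "UNNAMED")))
    return findings

def repair(text: str) -> str:
    """Replace only the flagged characters with their NFKC equivalents."""
    return "".join(
        unicodedata.normalize("NFKC", ch)
        if unicodedata.decomposition(ch).startswith("<") else ch
        for ch in text
    )

# Constructed sample: the element name contains U+FB01 (the "fi" ligature).
SAMPLE = (
    "<ML-CONFIG>\n"
    '  <multiClassi\ufb01cation2Binary method="one-vs-anothers"/>\n'
    "</ML-CONFIG>\n"
)

if __name__ == "__main__":
    for line_no, col, ch, name in find_compat_chars(SAMPLE):
        print(f"line {line_no}, column {col}: U+{ord(ch):04X} {name}")
    root = ET.fromstring(repair(SAMPLE))
    print("repaired element name:", root[0].tag)
```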

Prevent echo in ant input task

How do you prevent ant's input task from echoing/printing in the console?
When requesting input in ant, it echoes the characters as you type. This isn't ideal for password inputs.
I ended up finding a solution.
As of Ant 1.7.1, this can be done by setting the handler to SecureInputHandler, see code below:
<input
message=" [input] password(Appserver):${line.separator}"
addproperty="password">
<handler classname="org.apache.tools.ant.input.SecureInputHandler" />
</input>
Strangely, when you set the handler to org.apache.tools.ant.input.SecureInputHandler, it doesn't display as it does with other input in that:
It doesn't have " [input]" prepended
Doesn't move the cursor to the next line
As such, I have achieved these 2 by modifying the message, see above.

CAML update running, but not changing data (Sharepoint 2007)

I've been trying to create a batch update program for a MOSS site, based on the MSDN example here: http://msdn.microsoft.com/en-us/library/cc404818.aspx. Unfortunately, although the update query is running through with no errors, the data in the list is not changing.
Here is the batch command I use:
<Method ID="3767">
<SetList>8468cf0a-7e10-439c-a9b4-4197543e7b38</SetList>
<SetVar Name="Cmd">Save</SetVar>
<SetVar Name="ID">3767</SetVar>
<SetVar Name="Date_x0020_of_x0020_Birth1">1971-12-18T00:00:00Z</SetVar>
</Method>
Upon running the batch update command:
string batchReturn = web.ProcessBatchData(batch);
returns:
<Results>
<Result ID="3767" Code="0"></Result>
</Results>
The major version number on the list item is incremented, but no changes are made to the data in field: Date_x0020_of_x0020_Birth1
I'm stumped.
More background: Date_x0020_of_x0020_Birth1 is a new field added to the default content type of this list. It is a DateTime field. It supersedes the original Date_x0020_of_x0020_Birth field (now has a display name of "Date of Birth(Text)") which was a text field, due to it containing values prior to 01/01/1900. The batch update is to copy dates from the text field to the new DateTime field where possible.
The only thing I can think of is that I'm using:
<SetVar Name="Cmd">Save</SetVar>
Perhaps I need the "Update" or "Save" command, so I tried this:
<Method ID="1" Cmd="Update">
<Field Name='ID'>3767</Field>
<Field Name="Date_x0020_of_x0020_Birth1">1971-12-18T00:00:00Z</Field>
</Method>
But that returns:
<Results>37671971-12-18T00:00:00Z<Result ID="1" Code="-2130575350">
<ErrorText>Invalid URL Parameter
The URL provided contains an invalid Command or Value. Please check the URL again.
</ErrorText>
</Result>
3767Date_x0020_of_x0020_Birth1
<Result ID="1" Code="-2147023673">
<ErrorText>The operation failed because an unexpected error occurred. (Result Code: 0x800704c7)</ErrorText>
</Result>
</Results>
"Update" is the right CMD, and it sounds like the update is occurring fine (updating the version number).
That just leaves the field, and it is probably the "Name" you are using.
Did you try using the urn prefix (urn:schemas-microsoft-com:office:office#Date_x0020_of_x0020_Birth1)?
Can you try updating a different field, like the title (urn:schemas-microsoft-com:office:office#Title)?
If that all fails, you could try using UpdateListItems on lists.asmx.
