telecom • networking • design

an blog


Generate sequence diagrams from PCAP files that carry tunneled GTP traffic

VisualEther 6.1.103 now supports generating sequence diagrams from tunneled messages in PCAP files. You can create filters that will ignore the outer GTP message and extract the fields from the inner message.
Capture inner and outer messages in GTP
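What "ignore the outer GTP message and extract the fields from the inner message" amounts to at the byte level, as an added Python example (not VisualEther's code or filter syntax). The packet built by `build_sample` is constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import struct

G_PDU = 0xFF  # GTP-U message type that carries a tunneled user packet

def decapsulate(gtp: bytes) -> dict:
    """Skip the outer GTPv1-U header; return the TEID and inner IP addresses."""
    if len(gtp) < 8:
        raise ValueError("truncated GTP header")
    flags, msg_type, length, teid = struct.unpack_from("!BBHI", gtp)
    if flags >> 5 != 1 or not flags & 0x10:
        raise ValueError("not GTP version 1")
    if msg_type != G_PDU:
        raise ValueError("not a G-PDU, so there is no inner packet")
    end = 8 + length                      # length counts everything after the first 8 bytes
    if end > len(gtp):
        raise ValueError("GTP length field exceeds captured data")
    offset = 8
    if flags & 0x07:                      # E, S or PN set: 4 optional bytes follow
        if end < 12:
            raise ValueError("optional GTP fields truncated")
        next_ext, offset = gtp[11], 12
        while flags & 0x04 and next_ext:  # E set: walk the extension header chain
            ext_len = gtp[offset] * 4 if offset < end else 0   # units of 4 octets
            if ext_len == 0 or offset + ext_len > end:
                raise ValueError("malformed GTP extension header")
            next_ext = gtp[offset + ext_len - 1]
            offset += ext_len
    inner = gtp[offset:end]
    version = inner[0] >> 4 if inner else 0
    if version == 4 and len(inner) >= 20:
        src, dst = inner[12:16], inner[16:20]
    elif version == 6 and len(inner) >= 40:
        src, dst = inner[8:24], inner[24:40]
    else:
        raise ValueError("inner payload is not a complete IP header")
    return {"teid": teid, "inner_version": version,
            "src": str(ipaddress.ip_address(src)), "dst": str(ipaddress.ip_address(dst))}

def build_sample() -> bytes:
    """Constructed sample: UDP payload of a G-PDU wrapping a bare IPv4 header."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                        ipaddress.IPv4Address("10.0.0.5").packed,
                        ipaddress.IPv4Address("192.0.2.10").packed)
    opt = struct.pack("!HBB", 7, 0, 0)    # sequence number, N-PDU number, next ext type
    hdr = struct.pack("!BBHI", 0x32, G_PDU, len(opt) + len(inner), 0x1A2B3C4D)
    return hdr + opt + inner              # flags 0x32: version 1, GTP, S bit set

if __name__ == "__main__":
    print(decapsulate(build_sample()))
```

The input is the UDP payload of the outer packet; the addresses returned are those of the tunneled user traffic, not of the GTP endpoints.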


Visualize and Diagnose Wireshark PCAP Files with Sequence Diagrams

Introducing VisualEther Protocol Analyzer 6.1. Diagnose and debug Wireshark logs with sequence diagrams. Convert PCAP files into sequence diagrams and call flow diagrams by just defining the message fields that should be included in the diagrams. VisualEther takes care of the rest, generating a well-formatted sequence diagram. You can click on individual messages in the sequence diagram to see field-level details.

VisualEther 6.1 adds the following features:

  • Full IPv6 Support
  • Convert any custom protocol to sequence diagrams. Fully customize the diagram generation.
  • Display message details as an expandable list.
  • Added support for Wifi and Ethernet frames

Wireshark to sequence diagrams

Visually debug protocol interactions


Generate sequence diagrams and call flow diagrams from Wireshark output. The sequence diagrams provide a visual trace of the packet flow between different nodes.

Use regular expressions to identify and flag error scenarios. Messages reporting session failure can be bookmarked in a PDF file, thus giving you quick access to the cause of failure. Protocol experts can identify the error scenarios upfront to speed up protocol debugging.

Summarize Wireshark output…

Wireshark Extraction Template

Define templates to select messages and the fields to be included in the generated diagrams. VisualEther analyzes the Wireshark output to generate documents that match the defined template. The template is defined as a simple XML file.

Support for IPv4, IPv6, Ethernet and Wifi is built in. TCP, UDP and SCTP transport layer support is also available out of the box.

You can customize the templates for any protocol that has a Wireshark dissector. Any custom source and destination addresses can be used to define the sequence diagram instance axes.

…while maintaining full message detail

Wireshark message shown in full detail.

Click on any message in PDF sequence diagrams. VisualEther shows you complete field level details of that message in a browser window.

The message nodes can be expanded and collapsed. This way you can focus on the part of the message that interests you.

Reverse engineer system design

Reverse engineer design from Wireshark

Reverse engineer system design by analyzing the message flow in an operational system. Design documents are generated from the Wireshark traces. The generated documents can be edited and reformatted using EventStudio System Designer.

Automate diagram generation from Wireshark PCAP Files

Wireshark to sequence diagram generation script

Automate capture of Wireshark logs with tshark and then use the VisualEther command-line mode to generate sequence diagrams and context diagrams.



Sequence diagrams from Wireshark PCAP files

Announcing the release of VisualEther Protocol Analyzer 6.0.015.

VisualEther - Wireshark to Sequence Diagram Generation

  • Automate sequence diagram generation from the PCAP files with the built in command-line support. VisualEther can now be invoked from a script.
  • Built in support for Wi-Fi and Ethernet messages
  • Simplified message field analysis with collapsible message definition
  • Improved filtering to weed out repeated packets like RTP packets and broadcast messages.
  • Full support for .cap, .pcap, .pcapng and their .gz counterparts
  • Improved bookmarking for important messages. Bookmarked messages appear in the bookmark pane of your PDF reader.
  • Improved processing for large PCAP files. VisualEther now automatically splits large files.
  • Reduced memory footprint in sequence diagram generation


3G UMTS Mobile Terminated Call Flow

Get a detailed look at a UMTS mobile terminating call. RANAP and RRC signaling in a terminating call is described in detail.

3G UMTS Mobile Terminating Call Flow

3G UMTS Terminating Call Sequence Diagram

The RANAP message flow presented here was generated with VisualEther from a PCAP file. The field-level details have been preserved for the RANAP messages. Click on a RANAP message in the sequence diagram to see full field-level details. For example, clicking on the Paging message reveals field-level detail in the message.

ranap Radio Access Network Application Part

  • per.extension_bit 0... .... Extension Bit: False
  • per.choice_index Choice Index: 0
  • ranap.RANAP_PDU RANAP-PDU: initiatingMessage (0)
    • ranap.initiatingMessage initiatingMessage
      • ranap.procedureCode procedureCode: id-Paging (14)
      • per.enum_index Enumerated Index: 1
      • ranap.criticality criticality: ignore (1)
      • per.open_type_length Open Type Length: 21
      • ranap.value value
        • ranap.Paging Paging
          • per.extension_bit 0... .... Extension Bit: False
          • per.optional_field_bit .0.. .... Optional Field Bit: False (protocolExtensions is NOT present)
          • per.sequence_of_length Sequence-Of Length: 2
          • ranap.protocolIEs protocolIEs: 2 items
            • ranap Item 0: id-CN-DomainIndicator
              • ranap.ProtocolIE_Field ProtocolIE-Field
                • id: id-CN-DomainIndicator (3)
                • per.enum_index Enumerated Index: 1
                • ranap.criticality criticality: ignore (1)
                • per.open_type_length Open Type Length: 1
                • ranap.value value
                  • per.enum_index Enumerated Index: 0
                  • ranap.CN_DomainIndicator CN-DomainIndicator: cs-domain (0)
            • ranap Item 1: id-PermanentNAS-UE-ID
              • ranap.ProtocolIE_Field ProtocolIE-Field
                • id: id-PermanentNAS-UE-ID (23)
                • per.enum_index Enumerated Index: 1
                • ranap.criticality criticality: ignore (1)
                • per.open_type_length Open Type Length: 9
                • ranap.value value
                  • per.extension_bit 0... .... Extension Bit: False
                  • ranap.PermanentNAS_UE_ID PermanentNAS-UE-ID: iMSI (0)
                    • per.octet_string_length Octet String Length: 8
                    • ranap.iMSI iMSI: 21436587000200f0
                    • ranap.imsi_digits IMSI digits: 123456780020000
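
How the `ranap.iMSI` octets above map to the `IMSI digits` line, as an added Python example (not VisualEther or Wireshark code). The function names are hypothetical, and `mask_imsi` with its 6-digit cut is an assumed redaction policy for traces that leave the lab, since the Paging message carries the subscriber's IMSI in clear.

```python
def decode_tbcd(octets: bytes) -> str:
    """TBCD: each octet holds two digits, low nibble first; 0xF pads an odd count."""
    nibbles = [n for b in octets for n in (b & 0x0F, b >> 4)]
    if nibbles and nibbles[-1] == 0x0F:      # filler is only legal in the last nibble
        nibbles.pop()
    if any(n > 9 for n in nibbles):
        raise ValueError("non-decimal nibble in TBCD string")
    return "".join(map(str, nibbles))

def encode_tbcd(digits: str) -> bytes:
    """Inverse of decode_tbcd, used to check that a decoded value round-trips."""
    if not digits.isdigit():
        raise ValueError("TBCD input must be decimal digits")
    padded = digits + ("f" if len(digits) % 2 else "")
    return bytes(int(padded[i + 1], 16) << 4 | int(padded[i], 16)
                 for i in range(0, len(padded), 2))

def decode_imsi(hex_value: str) -> str:
    """Decode the hex string shown for ranap.iMSI into IMSI digits."""
    octets = bytes.fromhex(hex_value)
    if not 3 <= len(octets) <= 8:            # RANAP defines IMSI as 3 to 8 octets
        raise ValueError("IMSI octet string has an unexpected length")
    return decode_tbcd(octets)

def mask_imsi(imsi: str, keep: int = 6) -> str:
    """Assumed policy: keep the leading digits, hide the rest before sharing a trace."""
    return imsi[:keep] + "x" * max(len(imsi) - keep, 0)

if __name__ == "__main__":
    imsi = decode_imsi("21436587000200f0")   # value from the Paging message above
    print(imsi, mask_imsi(imsi))
```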