Finally I have found it!
In wireshark there is a checkbox for several protocol related options, in particular, for diameter defragmentation you need to mark the checkbox
Reassemble fragmented SCTP user messages
to get the long diameter messages properly displayed.
Each of these protocol options has its own tshark
correspondent parameter, here you have to use
-o sctp.reassembly:TRUE
.
(For general, look for the file preferences
belonging to wireshark.)
So, what method finally worked is
- First capture all (sctp) messages regularly:
tshark -i EL0 -f sctp -w raw_capture.pcap
- Then, if it is done, process the file by a further
tshark
command:
tshark -r raw_capture.pcap -R diameter -o sctp.reassembly:TRUE -V