This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

DG gryphon protocol

0

Hi. I'm not an expert with Wireshark by any means.. but have come across DG Gryphon Protocol whilst capturing information. I can't find any information on Wireshark about this so I would very much appreciate it if anyone can give me some information on this. I have tried the FAQs etc and tried the user guide.. but nothing. Google gives a certain amount of information, but I'd really like to hear from someone from Wireshark as to what this is.

asked 20 Aug '12, 19:35

Ghost's gravatar image

Ghost
1111
accept rate: 0%

2 Answers:

0

What is it that you wish to know ? A shot in the dark: Are you seeing some traffic on TCP port 7000 which is being dissected as gryphon but which may not really be gryphon ?

The README associated with the gryphon dissector source says:

Dearborn Group Technology has released under GPL this plugin for Wireshark. It decodes the protocol used by their Gryphon automotive network tool.

The plugin decodes the communication protocol, but not any vehicle network messages.

Dearborn Group Technology can be found at http://www.dgtech.com/ The author is Steve Limkemann [email protected]

The gryphon dissector was originally added to Ethereal (now known as Wireshark) in 1999.

answered 20 Aug '12, 20:51

Bill%20Meier's gravatar image

Bill Meier ♦♦
3.2k1850
accept rate: 17%

edited 20 Aug '12, 20:57

In particular, Gryphon "is a hardware adapter that provides remote connectivity for multiplexed automation and automotive communication networks. GRYPHON doesn't require any programming and is ready to run out-of-the-box as a stand-alone product. It uses an Ethernet connection to provide a high-speed user interface." Plug Gryphon into a car or truck and into an Ethernet, and do diagnostics on the vehicle from a personal computer running the Gryphon control software controlling the Gryphon box.

(21 Aug '12, 13:38) Guy Harris ♦♦

...and Bill's guess in the first paragraph is probably the answer, especially if it shows a lot of the traffic as malformed. Unless you're working in an car/truck repair shop, you probably have nothing using the Gryphon protocol.

(21 Aug '12, 13:39) Guy Harris ♦♦

Hi. Yes, one thing I was curious about was why, after visiting a certain site for so long, I am just recently seeing Gryphon Protocol, and the other thing I was curious about is what you mentioned..in the protocol column it shows as Gryphor and in the Info column it shows as invalid. Thank you for your replies.. much appreciated. Not so easy when I am learning this by myself.

(22 Aug '12, 16:32) Ghost

0

Late entry, but posted for the benefit of those who might come after:

TCP7000/7001/7002 are associated with the Cisco Unified Communications/Call Manager (CUCM), either the Tomcat resource, and/or the Trace Collection Tool Service, and/or the Trace Collection servlet. I observe TCP7000 consistently on my network, and we have a LOT of Cisco VoIP and associated CUCM servers.

Here is the snip from my spreadsheet collection of protocols/ports:

"This port is used for communication between Cisco Trace Collection Tool Service and Cisco Trace Collection servlet."

HTH Ray, University of Wyoming

answered 25 Feb '14, 11:14

RD%20Monasmith's gravatar image

RD Monasmith
111
accept rate: 0%