Hello everyone, I recently upgraded to version Version 1.10.3 (SVN Rev 53022 from /trunk-1.10) from version 1.7.1 and have noticed that the when dissecting coap7-coap8 messages are not being decoded correctly. Specifically I am referring to the first option of all COAP messages [coap-problem.pcapng]. Is there a way to "downgrade" the dissector? I imagine the right way to go about it is to update/fix the dissector. However I am a complete beginner when it comes to how to do this. asked 12 Nov '13, 19:06  maguirre edited 12 Nov '13, 19:15  Bill Meier ♦♦ |
One Answer:
If you are running on Windows, you can just re-install an earlier version of Wireshark. (The existing version will be removed). (or: do an uninstall first before installing the new version). (See the download section of wireshark.org for older Windows versions). If you are running on a different platform, I would expect that you should be able to uninstall Wireshark and then install a previous version using tools/repositories available on that platform. (I'm assuming that the Wireshark 1.7 being used was not built manually [which may be an incorrect assumption]). In any case, version 1.7.1 was a development Wireshark version; I suggest you try the latest "old stable release": v 1.8.11 Also: if you feel that there's been a regression, please file a bug report at bugs.wireshark.org with the details and attach the capture file. That way the issue can be tracked and addressed as needed. answered 12 Nov '13, 19:24 Bill Meier ♦♦ edited 12 Nov '13, 19:36 |
It appears that there have been a number of updates to the COAP dissector (some of which which appeared in Wireshark 1.10) to reflect changes in the spec.
(See some of the "commit log" entries below.
Are there different implementations of COAP "in the wild" such that the dissector needs to be able to handle different versions ??
Based upon the comments in the Wireshark COAP dissector source, it appears that the COAP versions supported by Wireshark are as follows:
=============
(Some commit log entries for the COAP dissector).
r49882 | 2013-06-11 01:31:10 -0400
There were some changes in how to specify the length or give a bigger option delta. This is now implemented how it is specified in CoAP draft 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8780
r49881 | 2013-06-11 01:27:47 -0400
There is no option length attribute any more there is just the end of options marker. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8780
r49880 | 2013-06-11 01:23:52 -0400
The field named Transaction ID is named Message ID in the RFC draft version 17 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8780
r49879 | 2013-06-11 01:20:33 -0400
The token is not an option any more, but it is now in the main header. This was done between CoAP draft 12 and 13 and still exists in CoAP draft 17.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8780
r48471 | 2013-03-21 20:12:44 -0400
via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8070
Update CoAP dissector to the latest spec from the IETF, and make several more fields filterable.
CoAP has been an approved standard since 2013-07-11 (draft-ietf-core-coap-18), and there is little point in keeping support for pre-13 versions of the protocol around. Note that -13 to -18 are essentially the same except for the Accept option, and with a little tweak to the Accept option you might even support both the option number 16 used in -13 to -17 and the option number 17 that is the approved standard.
If you really need any pre-13 versions, it is probably best to use the Lua dissector to continue support for old versions of CoAP.
Thanks Bill, It appears the standard changed so much that now the dissector doesn't quite understand COAP-7-8. While I think it makes sense to stay using older versions until my devices implement the latest Coap Standard. However given that the work was already done wouldn't it make sense to support several versions of the standard by using different dissectors?