Dissecting AX25 included in UDP-IP payload applying existing dissector.

Is it possible to dissect “on demand” the payload of some UDP packets applying the AX25 dissector over the payload of the UDP-OP packets

That would require a change of the dissector code.

Actually, there was some work on the way for this, but the author did not release his work, or stopped working on it.

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7529#c8

Cite:

Having said that, axip (ax.25 over IP) appears to work anyway, but not
axudp (ax.25 over UDP) or axtcp (ax.25 over tcp).  These probably only
require code to identify the payload type and then call the ax25 dissector.

You can try to contact the author of that statement and ask if he is willing to publish his code or to finish the work.

Regards
Kurt

To answer the above regarding ax25 over IP/UDP/TCP.

For AX.25 over IP there is a protocol identifier for the encapsulation. So that one is done.

For AX.25 over UDP/TCP the issue is that there are 65536 ports that could be used but only a few are and those vary with the site in question. So, with the assistance of Ugo (the original poster) I offer an solution based on LUA that will need to be tuned on a site by site basis for the ports in use.

Snip ----------------------------------------------------------
-- ax25-udp.lua
--
-- LUA script to handle AX.25 over UDP
-- Copyright 2015 R.W. Stearn <[email protected]>
--
-- This program is free software; you can redistribute it and/or
-- modify it under the terms of the GNU General Public License
-- as published by the Free Software Foundation; either version 2
-- of the License, or (at your option) any later version.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
--
--
– load the udp.port table
udp_table = DissectorTable.get( "udp.port" )
– get a handle to the AX.25 dissector
proto_ax25 = Dissector.get( "ax25" )
– register AX.25 to handle udp port
udp_table:add( 10093, proto_ax25 )
– register AX.25 to handle udp port
– udp_table:add( 10094, proto_ax25 )
Snip ———————————————————-
and
Snip ———————————————————-
– ax25-tcp.lua
– LUA script to handle AX.25 over TCP
– Copyright 2015 R.W. Stearn <[email protected]>
– This program is free software; you can redistribute it and/or
– modify it under the terms of the GNU General Public License
– as published by the Free Software Foundation; either version 2
– of the License, or (at your option) any later version.
– This program is distributed in the hope that it will be useful,
– but WITHOUT ANY WARRANTY; without even the implied warranty of
– MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
– GNU General Public License for more details.
– You should have received a copy of the GNU General Public License
– along with this program; if not, write to the Free Software
– Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
–
– load the tcp.port table
tcp_table = DissectorTable.get( "tcp.port" )
– get a handle to the AX.25 dissector
proto_ax25 = Dissector.get( "ax25" )
– register AX.25 to handle tcp port
tcp_table:add( 10093, proto_ax25 )
– register AX.25 to handle tcp port
– tcp_table:add( 35272, proto_ax25 )
Snip ———————————————————-
Snip ———————————————————-
– init.lua
dofile(USER_DIR.."ax25-udp.lua")
dofile(USER_DIR.."ax25-tcp.lua")
Snip ———————————————————-
The 3 code segments above need to be copied into 3 separate file
ax25-udp.lua
ax25-tcp.lua
init.lua
and placed in ${HOME}/.wireshark for user.
Regards
Richard
(Author of the AX.25 suite in Wireshark.)