Dissecting AX25 included in UDP-IP payload applying existing dissector.

1

Hello Wireshark gurus,

I have several frames where the UDP payload carries frames of AX25 protocol (AX25 is normally a DataLink layer protocol, but here we are dealing with AX25 over UDP-IP). The fantastic Wireshark is already able to dissect AX25 as DataLink layer protocol (dissector well running). Is it possible to dissect “on demand” the payload of some UDP packets applying the AX25 dissector over the payload of the UDP-IP packets, without developing a specific “AX25 over UDP-IP” dissector?

Any help appreciated.
Thank you
Cheers
Ugo

asked 06 Apr '15, 07:50

Ugo

edited 07 Apr '15, 00:59

grahamb ♦


2 Answers:

0

Is it possible to dissect “on demand” the payload of some UDP packets applying the AX25 dissector over the payload of the UDP-IP packets

That would require a change of the dissector code.

Actually, there was some work on the way for this, but the author did not release his work, or stopped working on it.

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7529#c8

Cite:

Having said that, axip (ax.25 over IP) appears to work anyway, but not
axudp (ax.25 over UDP) or axtcp (ax.25 over tcp).  These probably only
require code to identify the payload type and then call the ax25 dissector.

You can try to contact the author of that statement and ask if he is willing to publish his code or to finish the work.

Regards
Kurt

answered 06 Apr '15, 09:31

Kurt Knochner ♦

@Ugo: You rewarded 4 reputation points to me. I'm not sure if you wanted to do that, so I'm rewarding them back to you.

This site works by up-voting answers (thumbs up) and/or by accepting an answer (check mark). See FAQ.

(06 Apr '15, 11:16) Kurt Knochner ♦

0

To answer the above regarding ax25 over IP/UDP/TCP.

For AX.25 over IP there is a protocol identifier for the encapsulation. So that one is done.

For AX.25 over UDP/TCP the issue is that there are 65536 ports that could be used but only a few are and those vary with the site in question. So, with the assistance of Ugo (the original poster) I offer a solution based on LUA that will need to be tuned on a site by site basis for the ports in use.

Snip ----------------------------------------------------------
-- ax25-udp.lua
--
-- LUA script to handle AX.25 over UDP
-- Copyright 2015 R.W. Stearn <[email protected]>
--
-- This program is free software; you can redistribute it and/or
-- modify it under the terms of the GNU General Public License
-- as published by the Free Software Foundation; either version 2
-- of the License, or (at your option) any later version.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
--
--

-- load the udp.port table
udp_table = DissectorTable.get( "udp.port" )

-- get a handle to the AX.25 dissector
proto_ax25 = Dissector.get( "ax25" )

-- register AX.25 to handle udp port
udp_table:add( 10093, proto_ax25 )

-- register AX.25 to handle udp port
-- udp_table:add( 10094, proto_ax25 )
Snip ----------------------------------------------------------

and

Snip ----------------------------------------------------------
-- ax25-tcp.lua
--
-- This program is free software; you can redistribute it and/or
-- modify it under the terms of the GNU General Public License
-- as published by the Free Software Foundation; either version 2
-- of the License, or (at your option) any later version.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
--

-- load the tcp.port table
tcp_table = DissectorTable.get( "tcp.port" )

-- get a handle to the AX.25 dissector
proto_ax25 = Dissector.get( "ax25" )

-- register AX.25 to handle tcp port
tcp_table:add( 10093, proto_ax25 )

-- register AX.25 to handle tcp port
-- tcp_table:add( 35272, proto_ax25 )
Snip ----------------------------------------------------------

Snip ----------------------------------------------------------
-- init.lua
dofile(USER_DIR.."ax25-udp.lua")
dofile(USER_DIR.."ax25-tcp.lua")
Snip ----------------------------------------------------------

The 3 code segments above need to be copied into 3 separate files:

ax25-udp.lua
ax25-tcp.lua
init.lua

and placed in ${HOME}/.wireshark for user.

Regards
Richard
(Author of the AX.25 suite in Wireshark.)

answered 07 Apr '15, 09:12

rstearn

edited 07 Apr '15, 09:18
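
The bug comment quoted in the first answer mentions code that identifies the payload type and then calls the ax25 dissector, and the second answer notes that the ports vary from site to site. The following is an added example of that idea as a Wireshark Lua heuristic dissector; it is not rstearn's code and not part of Wireshark's AX.25 suite. The file name, the protocol name `axudp_heur` and the helper function names are assumptions made for this example.

```lua
-- ax25-udp-heur.lua: added example; file, protocol and function names are assumptions
local ax25 = Dissector.get("ax25")
local axudp = Proto("axudp_heur", "AX.25 over UDP (heuristic hand-off)")

local MAX_ADDRS = 10  -- destination + source + up to 8 digipeaters

-- Check the 7-byte address at `off`. Returns ok, is_last.
local function check_addr(tvb, off)
    for i = 0, 5 do
        local b = tvb(off + i, 1):uint()
        -- callsign characters are ASCII shifted left one bit, so bit 0 is 0
        if b % 2 ~= 0 then return false end
        local c = b / 2
        local upper = c >= 0x41 and c <= 0x5A
        local digit = c >= 0x30 and c <= 0x39
        local pad   = c == 0x20 and i > 0      -- space padding, never first
        if not (upper or digit or pad) then return false end
    end
    -- bit 0 of the SSID byte is the extension bit: 1 ends the address field
    return true, tvb(off + 6, 1):uint() % 2 == 1
end

-- Walk the address field and require a well-formed destination and source.
local function looks_like_ax25(tvb)
    local len = tvb:len()
    for n = 0, MAX_ADDRS - 1 do
        local off = n * 7
        -- need the whole address plus at least the control byte after it
        if off + 7 >= len then return false end
        local ok, last = check_addr(tvb, off)
        if not ok then return false end
        if last then return n >= 1 end   -- destination and source are mandatory
    end
    return false
end

-- Heuristic entry point: claim the packet only when the payload passes the check.
local function heur_ax25_udp(tvb, pinfo, tree)
    if not looks_like_ax25(tvb) then return false end
    ax25:call(tvb, pinfo, tree)
    return true
end

axudp:register_heuristic("udp", heur_ax25_udp)
```

It can be loaded from init.lua in the same way as the two scripts above. The check only validates the address field, so a payload that happens to look like shifted callsigns will also match; registering the known ports explicitly remains the more precise option.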