I'm a bit overwhelmed by the Wireshark jargon and docs, but please bear with me. :) I am considering using Wireshark to inspect rather specific capture files of the following structure:
I assume I would be able to:
So:
asked 18 May '15, 08:33 Tomislav
2 Answers:
There is already support for CCSDS frames in Wireshark, so it's probably the right tool for you ;-) However, I'm not sure how much of it has actually been implemented. If you have a sample capture file, try to open it with Wireshark and check what you get.
If there is something missing, you can
Regards
answered 18 May '15, 08:45 Kurt Knochner ♦ edited 18 May '15, 10:57
This is getting enough past the "straightforward question" layer that it's probably best discussed on the wireshark-dev mailing list. ask.wireshark.org is better thought of as a "crowdsourced FAQ" than as a discussion forum like the mailing lists.
The solution would probably involve code to read the raw files (if they consist of a sequence of the packets described in "Packet Format" in the document you cite, with each packet beginning with the sync word 1A CF FC 1D, it probably won't be hard to recognize files in the format), and code to parse the information wrapped around the CCSDS packets. Some or all of that could perhaps be written in Lua rather than C, at least for an initial implementation.
answered 19 May '15, 16:31 Guy Harris ♦♦
Thank you Guy, if I need to push the discussion further, I'll move it to the list. (26 May '15, 00:03) Tomislav
wsgd.free.fr seems to be back online.
Still errors....
Weird. It worked just now for me; perhaps they're having server problems, and, 23 minutes ago, it wasn't working, but it's OK now.
No, it was, I guess, using stuff locally cached in my browser; I did a reload and got that error.
CCSDS support already available?! Wow. Hadn't even crossed my mind as a possibility...will take a look at how it fares with my sample data first thing tomorrow!
Yes, it's insane how many exotic/esoteric protocols Wireshark supports. That makes it a superior tool ;-)
Check this out, or this.
Lots of interesting reading here, thanks everyone! Still, a raw file with CCSDS CADU frames doesn't appear to be a valid Wireshark "capture file": upon inspection, sample CCSDS capture files attached to one of the bug tracker issues obviously have a lot of dumpcap metadata, so I'm not sure how to "convert" the files I've got (as described above) to a capture file format that Wireshark can load. :| Any pointers, before I mark the question as answered?
I see a Link layer type on the horizon, cue Guy Harris. ;)
Or, if there's a good way to recognize those raw files, just add the ability to recognize and read those files to Wireshark's libwiretap library. The capture files in question have either Network General Sniffer metadata (not produced by dumpcap) or pcap-ng metadata (not unique to dumpcap), because they're packet capture files in that format; they contain Ethernet frames with CCSDS packets, detected by some heuristics. We also support dissecting CCSDS packets in VCDUs, with the VCDUs encapsulated in UDP packets, and CCSDS packets in Enhanced HOSC System packets, with the EHS packets encapsulated in UDP packets.
(For what it's worth, wsgd.free.fr appears to be back now.)
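The conversion asked about in the thread, as an added example that is not part of the original posts or of Wireshark's code: it splits a raw file on the sync word 1A CF FC 1D and wraps each frame in a classic pcap record. The frame length, the use of the private link type 147 (LINKTYPE_USER0), the synthetic timestamps and the names `split_cadus` and `to_pcap` are assumptions made for illustration.

```python
import struct

SYNC = bytes.fromhex("1ACFFC1D")   # sync word quoted in the answer above
LINKTYPE_USER0 = 147               # private-use pcap link type (assumed choice)

def split_cadus(raw: bytes, frame_len: int) -> list:
    """Cut raw into frame_len-byte frames that start with SYNC.

    frame_len (sync word included) is an assumption supplied by the caller.
    A candidate is kept only if the bytes right after it are the next sync
    word (or the file ends there), so a sync pattern that occurs by chance
    inside a payload is skipped and the search resumes one byte later.
    """
    if frame_len < len(SYNC):
        raise ValueError("frame_len must cover at least the sync word")
    frames, pos = [], raw.find(SYNC)
    while pos != -1 and pos + frame_len <= len(raw):
        nxt = pos + frame_len
        if SYNC.startswith(raw[nxt:nxt + 4]):   # b"" at EOF also matches
            frames.append(raw[pos:nxt])
            pos = nxt
        else:
            pos = raw.find(SYNC, pos + 1)       # false sync: hunt again
    return frames

def to_pcap(frames, snaplen: int = 65535) -> bytes:
    """Wrap frames in a classic little-endian pcap file image."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_USER0)
    for n, frame in enumerate(frames):
        # Raw files carry no timestamps: use a synthetic one, 1 s per frame.
        out += struct.pack("<IIII", n, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    # Constructed sample: 3 junk bytes, two 16-byte frames, a truncated tail.
    f1 = SYNC + bytes(range(12))
    f2 = SYNC + b"\xaa\xaa" + SYNC + b"\xbb" * 6   # payload contains SYNC
    raw = b"\x00\x01\x02" + f1 + f2 + SYNC[:2]
    frames = split_cadus(raw, 16)
    with open("cadu_sample.pcap", "wb") as fh:
        fh.write(to_pcap(frames))
    print(len(frames), "frames written")
```

Wireshark displays records with this link type as undissected bytes until a dissector is assigned to it in the DLT_USER protocol preferences.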