This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Best way to dissect multiple versions of the same proprietary protocol?

0

Hi,

Our project often updates our proprietary protocol; we'll call the protocol ZEPROTO. Each of our software products uses a single version of ZEPROTO, for example:

  • software_01 uses ZEPROTO v01
  • software_02 uses ZEPROTO v02, ...
  • During development, we use ZEPROTO vTrunk.

All versions use the same ports to communicate and are not necessarily backward compatible. Until now, we didn't have anything specific in the packet which could tell the version of the packet itself. We've added this feature recently, example:

  • At the beginning of the packet: 0x00 0x05 0x20 0x01 0xNN ... 0xMM means that the version of ZEPROTO is v5.2.1, followed by other data.

Since we don't have the version bytes in previous versions of ZEPROTO and there is no specific pattern allowing us to distinguish a version from data, we can't decode properly.

Now (thank you if you've read this far), what can I do?

  • Can I have as many DLLs for the same protocol, each with a different version?
  • Can I have a single DLL with many dissectors or other things that I could disable/enable from the protocol menu?

What's best?

asked 10 Mar '16, 05:48


_michel
11346
accept rate: 0%


One Answer:

2

Probably easiest to have a single DLL with a protocol preference to manually select the version of protocol to decode the data as. One option for the preference could be "automatic", for use where the protocol has the version in the packet.

answered 10 Mar '16, 07:44


grahamb ♦
19.8k330206
accept rate: 22%

Well, that's the problem. For old versions, without the 4 version bytes, there is a chance that the data bytes look like version bytes.

(10 Mar '16, 09:06) _michel

So the user will have to manually set the preference to "old version xxx". Hopefully the users will know what version they are expecting to see.

If there are truly no heuristics available to determine the different protocol versions, then it will have to be done via a manual preference setting.

Using different dissectors means instead of a preference setting the user will have to manually choose "Decode As ..." and the required version. IMHO though, creating different dissectors for a protocol that is likely to have lots in common between the versions is a lot more work.

(10 Mar '16, 09:30) grahamb ♦
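The single-dissector-with-a-preference approach from the answer, written as a Wireshark Lua script. This is an added example, not code from the question or the answers; ZEPROTO is the question's hypothetical protocol, and the UDP port, the field layout and the byte-to-number mapping of the version header are assumptions.

```lua
-- Added example for the hypothetical ZEPROTO; port and layout are assumptions.
local zeproto = Proto("zeproto", "ZEPROTO (hypothetical)")

-- Preference: "Automatic" trusts the version header; the explicit choices
-- are for captures of old versions that carry no version bytes.
local VER_AUTO, VER_1, VER_2, VER_NEW = 0, 1, 2, 3
zeproto.prefs.version = Pref.enum("Protocol version", VER_AUTO,
    "Version to decode as; pick an explicit value for old captures", {
        { 1, "Automatic (read version bytes from the packet)", VER_AUTO },
        { 2, "v1 (legacy, no version bytes)",                 VER_1 },
        { 3, "v2 (legacy, no version bytes)",                 VER_2 },
        { 4, "v5.x (version bytes present)",                  VER_NEW },
    }, false)

local f_version = ProtoField.string("zeproto.version", "Version")
local f_payload = ProtoField.bytes("zeproto.payload", "Payload")
zeproto.fields = { f_version, f_payload }

-- Parses the 0x00 <major> <minor> <patch> header (number mapping assumed);
-- returns version text and header length, or nil. This is the only heuristic:
-- old-format data that happens to start with 0x00 also passes, which is
-- exactly why the manual preference exists.
local function read_version(tvb)
    if tvb:len() < 4 or tvb(0, 1):uint() ~= 0 then return nil end
    return string.format("%d.%d.%d", tvb(1, 1):uint(),
                         tvb(2, 1):uint(), tvb(3, 1):uint()), 4
end

function zeproto.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "ZEPROTO"
    local subtree = tree:add(zeproto, tvb())
    local choice  = zeproto.prefs.version
    local label, offset = nil, 0
    if choice == VER_AUTO or choice == VER_NEW then
        label, offset = read_version(tvb)
        if not label then
            subtree:add_expert_info(PI_UNDECODED, PI_WARN,
                "No version header; set the ZEPROTO version preference")
            return 0
        end
    else
        label = (choice == VER_1) and "1 (preference)" or "2 (preference)"
    end
    subtree:add(f_version, label)
    -- Per-version field parsing would branch on `label` here; the layouts
    -- are not described in the question, so the rest is shown as raw bytes.
    if tvb:len() > offset then subtree:add(f_payload, tvb(offset)) end
    return tvb:len()
end

DissectorTable.get("udp.port"):add(40000, zeproto)  -- port is an assumption
```

The preference appears under Edit > Preferences > Protocols > ZEPROTO, so a user with a capture from an old software version selects that version once instead of using "Decode As ..." per conversation.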