My task is to learn about Wireshark dissectors, so that my team can in general be able to translate hexadecimal digits to engineering digits in Wireshark. My guess is we should think about translating raw data, message data, and data captures (maybe even dumps) in Wireshark output. (I don't know what plugins we be will be using!) What can you tell me? Do I have to use a dissector to translate hex to engineering units? Is there some sore of GUI Wireshark option I can set? Is there a file I can change? Does someone have a complete and easy setup dissector to do this already? What are my options? What is the easiest dissector product to use? Also, what is the best product to use? Whatever my team decides to choose, what will be my limitations? What are problems with doing this? (Note: I've watched a TSN.1 dissector video on YouTube, but I know nothing about what will be installed with whatever version of Wireshark that our team decides to use.) Has the process of generating engineering units changed in the last decade? On the Internet, I found only one article related to this problem. The article title is below, but it didn't tell me anything. It lack inituition. The article only talks about using a custom dissector. Wireshark Topic: How to decode and display as ASCII? Finally, if you have an answer for me and my team can you explain it to me in a step by step way with baby steps. I.E.: Can you share with me exactly what the first step, second step, third step, upto the nth step is, in as much detail as possible. I've never worked with Wireshark before beyond a few good videos at www rti com. Thank you, Mike asked 01 Sep '17, 05:08 Mike123456 converted 01 Sep '17, 05:13 Guy Harris ♦♦ |
One Answer:
This can (almost) all be achieved by using so called header fields. When you study dissector development (see README.dissector) you'll come across these. Further discussion would probably be appropriate on the Wireshark Developers mailing list since this is not a forum, but a Q&A site. answered 07 Sep '17, 03:04 Jaap ♦ |
What do you mean by "engineering digits" and "engineering units"?
I went back to my team to answer your question!
I'll explain to you what my team wants accomplished. By doing that I will explain to you what engineering data units we want. Simply, all we want are 3 "on" and "off" values and 2 integer values.
Caveat: I'm using all make believe data from a Wireshark Captured data. My team doesn't want me to publish actual data.
(1) Captured Wireshark data from three areas of Wireshark:
Message:
Raw Data:
(2) My explanation of the above hexadecimal data:
Above byte 1 has only 3 bits (above right 3 bits) that have to be translated to "on" or "off" values. I.E.: We want to see "on" or "off" instead of "1" and "0." The other bits (above left 5 bits) can be ignored and not shown at all in the message window. They'll still be visible in the raw data. The 3 right bits represent 3 separate switches.
Above bytes 2 through 4 have two integer values from -127 to 127. Again some of the bits will not be used and can be ignored and not shown at all in the message window. They'll still be visible in the raw data. The bits that makeup the two integer values are distributed in the 3 above bytes and are not consecutive. Here is the actual placement of the 16 bits that makeup the two integer values between -127 to 127. These two integer values represent a single joystick which can be moved left or right from a resting position.
So, my team wants me to pick out the above bits to create and display two integer values.
FYI: This is only my preliminary initial task. I.E.: This is the first message that my team wants me to create a dissector for. There are other messages that I will be given later to work on and display in a nice way.
By "left" and "right", as in "left 5 bits" and "right 3 bits", do you mean "upper" and "lower", so that the high-order bit, and the 4 bits below it, are the "left 5 bits", and the 3 bits below that, going down to the low-order bit, are the "right 3 bits", so that, for 0x20, which is 00100000 in binary, the "left 5 bits" are "00100", and the "right 3 bits" are "000", and all 3 bits are "off", and the "00100" can be ignored?
Yes, that is exactly what my team tells me to implement.