Ethereal-dev: Re: [Ethereal-dev] ASN.1 over SCTP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Tue, 27 Jul 2004 18:23:52 +0200
Thomas Steffen wrote:
>
> I am trying to use ethereal 0.10.5 for debugging a network application.
> We use a custom protocol (in ASN.1) over SCTP. It nearly works, but
> there are three outstanding issues:
>
> 1. I can't get ethereal to analyse the data sent over SCTP (beyond
> giving a hex dump). If I send the same data over TCP, I can use
> Decode-as->Transport and select ASN1. However, for an SCTP stream, the
> Transport tab is not shown. I guess this is a simple issue, but I don't
> know where to look for it.

Yes this should be easy to fix.

You can probably do this by making some small changes to plugins/asn1/packet-asn1.c
and rebuilding the ASN1 plugin.

Currently the ASN.1 dissector registers for a configurable udp.port and a configurable tcp.port:
  dissector_add("tcp.port", global_tcp_port_asn1, asn1_handle);
  dissector_add("udp.port", global_udp_port_asn1, asn1_handle);

The UDP/TCP port can be configured via Edit/Preferences.../Protocol/ASN.1

You could add some code so that it can register for a sctp.port (SCTP port number) and/or sctp.ppi (SCTP payload
protocol id).

>
> 2. Is it possible to make ethereal recognise the ASN1 data automatically?

You could have a configurable SCTP port number and/or SCTP ppi number similar to how you can configure TCP/UDP port
numbers.

It is also possible to use a heuristic dissector, but that is normally only useful if the packets have a very specific
"signature" so that you can distinguish your protocol from other protocols (e.g. as for SIP protocol the PDU normally
contains "SIP/2.0" in the beginning or the end of the first line of the message).
The SIP dissector is registered as a heuristic dissector:
 heur_dissector_add("sctp", dissect_sip_heur, proto_sip);

In dissect_sip_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) there is some checking if the packet looks like
a SIP message.
For more details about heuristic dissectors see doc/README.developer

>
> 3. Is it possible to autodetect the PDU type? We have several different
> message types, and they are defined as separate ASN.1 types.

You could maybe write a dissector (either as a plugin or a built-in dissector) for your ASN.1 PDUs.

There is now actually an ASN1 compiler included in Ethereal source code distribution, asn2eth.py,
that may be useful when making an Ethereal dissector for an ASN.1 based protocol.
The ASN.1 compiler is under development, but has already been used to generate some protocol dissectors (h235, x509).
I think that it should be possible to use it for ASN.1 PER, DER and BER, but there are some limitations and you will
have to write some code manually.

>
> Any suggestion would be very much appreciated. If changes to the code
> are necessary, I should be able to do that, if someone could point me
> into the correct direction...
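
The kind of "signature" check a heuristic dissector makes before claiming a packet, as a stand-alone C function (an added example, not code from the Ethereal source or from the messages above). It assumes the custom protocol uses definite-length BER/DER with one PDU per SCTP payload; looks_like_ber_pdu is a hypothetical name, and a real dissector would read the bytes through the tvbuff API rather than a raw buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-alone helper (not Ethereal API): returns 1 when buf
 * holds exactly one definite-length BER/DER TLV, 0 otherwise. A heuristic
 * dissector would run a check like this and decline the packet on 0. */
int looks_like_ber_pdu(const uint8_t *buf, size_t len)
{
    size_t off = 0, content_len = 0;

    if (buf == NULL || len < 2)
        return 0;                       /* need at least tag + length */

    /* Identifier octet(s): low 5 bits all set means a multi-byte tag. */
    if ((buf[off++] & 0x1F) == 0x1F) {
        do {
            if (off >= len)
                return 0;               /* tag runs past the payload */
        } while (buf[off++] & 0x80);
    }
    if (off >= len)
        return 0;                       /* no room for a length octet */

    /* Length octet(s). */
    uint8_t first = buf[off++];
    if (first < 0x80) {
        content_len = first;            /* short form */
    } else {
        size_t n = first & 0x7F;
        if (n == 0 || n > sizeof(size_t) || n > len - off)
            return 0;                   /* indefinite, oversized or truncated */
        while (n--)
            content_len = (content_len << 8) | buf[off++];
    }

    /* The declared content must fill the rest of the payload exactly. */
    return content_len == len - off;
}

int main(void)
{
    /* Constructed samples: SEQUENCE { INTEGER 5 } and a line of text. */
    const uint8_t ok[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    const uint8_t text[] = "SIP/2.0 200 OK";
    printf("%d %d\n", looks_like_ber_pdu(ok, sizeof ok),
           looks_like_ber_pdu(text, sizeof text - 1));
    return 0;
}
```

Every length read is bounds-checked because the payload comes straight off the wire. A tag-and-length match alone is a weak signature, so a real heuristic would also compare the outer tag against the tags the protocol's PDU types actually use.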