Wireshark-dev: Re: [Wireshark-dev] Modify ASN1 developed dissector

From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Thu, 2 Oct 2014 10:50:18 +0000

Hi,

You need to modify the template and possibly the .cnf file to insert your changes into the generated code; there shouldn’t be a need to modify the ASN1 files.

I have no knowledge of the protocol itself so these are just general statements. If the UDP packets contain multiple PDUs you probably have to check the PDU length and loop through the UDP data until all of the buffer has been read. Reassembly should be done in a similar way if the PDU size is bigger than the received UDP segment; you should call the reassembly code until enough data has been received. It looks like it might be unaligned PER, which might be a challenge to handle if PDUs don’t align to byte boundaries; if fragments don’t align, that shouldn’t be a (big) problem.

 

Regards

Anders

 

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Victor Xiang
Sent: 2 October 2014 01:17
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Modify ASN1 developed dissector

 

Hi,

 

I am trying to use the TETRA dissector, which is developed in ASN1.

After a couple of weeks analyzing the code with my TETRA packets, I wasn’t able to see some of the MAC procedures described in ETSI’s drafts of this mobile communications protocol, and the author of the dissector confirmed to me that they are not implemented.

Specifically, I couldn’t see any dissociation or reassembly after fragmentation.

 

The process of association means that a logical channel of a packet can contain multiple PDUs. So to do the dissociation I should add some loops inside a logical channel to go through all the PDUs by checking the length field of each one and separating them into a new subtree.

The fragmentation of a PDU is done in bits and not in bytes. I mean, the fragmented part could begin at bit number 10 of a PDU (not at the start of a new byte). I would like to see the reassembled SDU in the last fragmented packet.

As I am new to Wireshark development, I would like to know if it would be possible to easily modify an ASN1 developed dissector to include these features, and a couple of tips on how I should begin. As there are many files generated for this dissector, I am a bit lost and don’t know what road I should follow.

 

Thanks in advance

 

Victor Xiang
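
The length-driven loop discussed in this thread (check each PDU's length and walk the buffer until it is consumed, with PDUs that may start off a byte boundary), written as stand-alone C rather than Wireshark dissector code. This is an added example, not code from the thread or from the TETRA dissector; the 6-bit length field counting the whole PDU in bits, the sample bytes, and the names `split_pdus`, `get_bits` and `pdu_span` are assumptions for illustration, not TETRA's real layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LEN_FIELD_BITS 6  /* assumed width of the length field (hypothetical) */

typedef struct { size_t bit_off; size_t bit_len; } pdu_span;

/* Constructed sample: a 10-bit PDU followed by a 14-bit PDU starting at bit 10. */
static const uint8_t sample[] = { 0x2B, 0xCE, 0xA5 };

/* Read n (<= 32) bits, MSB first, from an arbitrary bit offset. */
static uint32_t get_bits(const uint8_t *buf, size_t bit_off, unsigned n)
{
    uint32_t v = 0;
    for (unsigned i = 0; i < n; i++, bit_off++)
        v = (v << 1) | ((buf[bit_off / 8] >> (7 - bit_off % 8)) & 1u);
    return v;
}

/* Record each PDU's span; returns the PDU count, or -1 if the payload is malformed. */
int split_pdus(const uint8_t *buf, size_t total_bits, pdu_span *out, size_t max_out)
{
    size_t off = 0;
    int count = 0;

    while (total_bits - off >= LEN_FIELD_BITS) {
        size_t len = get_bits(buf, off, LEN_FIELD_BITS);
        if (len < LEN_FIELD_BITS)      /* zero or too short: loop would not advance */
            return -1;
        if (len > total_bits - off)    /* PDU claims more bits than remain */
            return -1;
        if ((size_t)count == max_out)  /* caller's array is full */
            return -1;
        out[count].bit_off = off;
        out[count].bit_len = len;
        count++;
        off += len;                    /* len >= LEN_FIELD_BITS, so this terminates */
    }
    return count;
}

int main(void)
{
    pdu_span s[4];
    int n = split_pdus(sample, 24, s, 4);
    for (int i = 0; i < n; i++)
        printf("PDU %d: bit offset %zu, %zu bits\n", i, s[i].bit_off, s[i].bit_len);
    return n < 0;
}
```

The two length checks are what keep a dissector loop of this kind from spinning forever on a zero length or reading past the captured data when a packet is truncated or malformed.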