Wireshark · Ethereal-dev: [Ethereal-dev] Heuristic Dissectors for Serial Protocols Encapsulated in TCP

Ethereal-dev: [Ethereal-dev] Heuristic Dissectors for Serial Protocols Encapsulated in TCP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Neal Winblad" <NWinblad@xxxxxxxxxxxx>

Date: Wed, 26 Jan 2005 11:18:25 -0800

Gentlemen,

We would like to use Ethereal to look at not only Ethernet traffic but also various serial protocols which we will ship over Ethernet, encapsulated in TCP packets. We would like to write dissectors for these various protocols (e.g. Pan-Tilt-Zoom CCTV control, NTCIP variable message highway signs, RTMS radar detectors, etc.). Since these protocols were intended for direct serial connections they typically have no identification in the header as to what protocol these devices are speaking. We plan to use terminal servers manufactured by Digi International to translate from Ethernet network to serial port data. Digi has a protocol called Realport that runs on top of TCP and would have a TCP port number that would correspond to which serial port on the Digi box the serial signal it be routed to. Knowing that a particular protocol is being spoken on a given port of a given terminal server, we could presumably write a dissector that would know that at this given port # and IP address a given protocol is being spoken. Trouble is, there might be a couple dozen other addresses/ports also talking this same protocol. And, on the next project the addresses and ports will likely change. Is there a configuration file that could be filled in on a project by project basis that would do this mapping?

Or, we could put some protocol identifying characters in front of the Start-of-Header characters in the serial protocol that would allow a heuristic dissector to be able to identify them. Trouble here is that some of these serial protocols can’t afford the latency hit of these extra padding characters (e.g. Pan-Tilt-Zoom control can get sluggish and overshoot the scene you want to move the camera to). Can we add these identifier padding characters one time and Ethereal will learn what protocol is on what port/IP and then remember it for future packets? If so, will it remember this configuration information or would we have to send them again every time Ethereal is opened up?

Looking for your ideas on how to best accomplish this objective.

Thank You,

Neal Winblad

Sr. Project Engineer

Transdyn Controls, Inc.

5669 Gibraltar Dr.

Pleasanton, CA 94588

(925) 225-1600 x134

Follow-Ups:
- Re: [Ethereal-dev] Heuristic Dissectors for Serial Protocols Encapsulated in TCP
  - From: Ulf Lamping

Prev by Date: [Ethereal-dev] Problem with upgrading Win32 packages
Next by Date: [Ethereal-dev] FYI - bug (with patch) for ethereal-0.10.9
Previous by thread: Re: [Ethereal-dev] Problem with upgrading Win32 packages
Next by thread: Re: [Ethereal-dev] Heuristic Dissectors for Serial Protocols Encapsulated in TCP
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$