Wireshark mailing list archives
Wireshark 3.2 SOME/IP Dissector Payload interpretation
From: "Peimann, Jannis" <jannis.peimann () continental-corporation com>
Date: Mon, 17 Feb 2020 12:45:50 +0000
Hello Wireshark Dev Team,

I want to use the new integrated SOME/IP Dissector in Wireshark. Unfortunately I am not able to find any documentation for the Wireshark SOME/IP payload configuration. I know that Dr. Lars Voelker wrote this dissector, and I've already read the protocol documentation from his website (some-ip.com) and tried to analyze his source code (packet-someip.c and packet-someip.h). To manually dissect the payload is not a problem for me, but I am not able to do it in Wireshark.

I want to use his dissector for a company project and write my own script that creates the Wireshark config files for his dissector. We use ARXML files; I want to extract the information from them and then create the Wireshark configs for SOME/IP. But at the beginning I want to do it manually.

I saw that he has a SOME/IP Fibex4 to Wireshark config converter on his GitHub account (https://github.com/LarsVoelker/FibexConverter). Unfortunately we do not have any SOME/IP Fibex files, and the Fibex4 (ASAM MCD-2 NET Standard) is not accessible for free. Maybe you could provide us an example Fibex4 SOME/IP file; that would be great, so we could create a Wireshark configuration with his script and do some reverse engineering.

My problem: If I go to the Wireshark Settings for the SOME/IP Protocol, I have plenty of possibilities to dissect my payload. Setting up my UDP Ports, SOME/IP Services and SOME/IP Methods is not a problem and is already working. But I am stuck with payload dissection. I don't know how to correctly configure the SOME/IP Parameter.

Example:

    Service ID: 0x8888 (TestService)
    Method ID: 0xaaaa (method_a) or 0xbbbb (method_b)
    SOME/IP Version: 0x01
    Interface Version: 0x01
    Message Type: 0x02 (Notification)
    Return Code: 0x00 (Ok)

Example Payload:

    00 00 00 22 00 00 00 1e 20 00 00 00 00 01 00 01 01 00 02 01 00 03 01
    00 04 01 00 05 01 00 06 01 20 07 00 00 00 1f

Example Analysis: [image: image004.jpg]

What I want to see for the payload: [image: image006.jpg]

Error messages I get for the example: [image: image007.jpg]

My settings for SOME/IP in Wireshark->Settings:

- Set UDP Ports accordingly
- Set SOME/IP Services
- Set SOME/IP Methods
- Check box for Dissect Payload

SOME/IP parameter List:

    Service ID: 8888
    Method ID: bbbb
    Version: 1
    Message Type: 2
    Number of Parameter: 8
    Parameter Position: 0
    Parameter Name: property_a
    Parameter Type: 4
    ID Reference: 1

SOME/IP Parameter Structs:

    ID: 1
    Struct Name: struct_a
    Length of Length Field: 32
    Pad to: 0
    Number of Items: 1
    Parameter Position: 0
    Parameter Name: test_a
    Parameter Type: 4
    ID Reference: 2

If you want to simulate it, you can use Scapy for Windows like me:

    # Typed into the Scapy shell; in a stand-alone script, first run:
    #   from scapy.all import *
    load_contrib("automotive.someip")

    # Transport: UDP 30509 -> 30509 between the two test hosts
    u = UDP(sport=30509, dport=30509)
    i = IP(src="192.168.0.13", dst="192.168.0.10")

    # SOME/IP header fields matching the example above
    sip = SOMEIP()
    sip.iface_ver = 1
    sip.proto_ver = 1
    sip.msg_type = "NOTIFICATION"
    sip.retcode = "E_OK"
    sip.srv_id = 0x8888
    sip.method_id = 0xbbbb

    # Example payload (38 bytes) as a bytes literal
    sip.add_payload(b'\x00\x00\x00\x22\x00\x00\x00\x1e\x20\x00\x00\x00\x00\x01\x00\x01\x01\x00\x02\x01\x00\x03\x01\x00\x04\x01\x00\x05\x01\x00\x06\x01\x20\x07\x00\x00\x00\x1f')

    p = i/u/sip
    send(p)

Would be great if you could give me any hints to solve that problem. Thanks in advance for your help.

Best regards,
Jannis Peimann
Dual Student Technical Informatics
Continental Automotive GmbH
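
Added example (not part of the original post, and not Wireshark or dissector code): a check that the nested length fields in the posted payload are self-consistent, which is worth confirming before debugging the parameter configuration. It assumes big-endian 32-bit length fields (per the "Length of Length Field: 32" setting) and two nesting levels (struct_a containing the struct with ID 2); the function and class names are hypothetical.

```python
# Payload bytes copied from the post above (38 bytes).
PAYLOAD = bytes.fromhex(
    "00 00 00 22 00 00 00 1e 20 00 00 00 00 01 00 01 01 00 02 01 00 03 01"
    "00 04 01 00 05 01 00 06 01 20 07 00 00 00 1f"
)


class LengthError(ValueError):
    """Raised when a length field is truncated or overruns its enclosing scope."""


def read_length_prefixed(buf, offset, end, len_bits=32):
    """Read one big-endian length field at `offset`.

    `end` is the bound imposed by the enclosing struct (or the buffer).
    Returns (body_start, body_end) of the struct body that follows.
    """
    width = len_bits // 8
    if offset + width > end:
        raise LengthError(f"length field at offset {offset} is truncated")
    length = int.from_bytes(buf[offset:offset + width], "big")
    body_start = offset + width
    body_end = body_start + length
    if body_end > end:
        raise LengthError(
            f"length {length} at offset {offset} overruns enclosing bound {end}"
        )
    return body_start, body_end


def walk_nested(buf, depth, len_bits=32):
    """Descend `depth` nested length-prefixed structs.

    Returns (levels, innermost_body); each level is
    (level, declared_length, unused_bytes_left_in_enclosing_scope).
    """
    offset, end = 0, len(buf)
    levels = []
    for level in range(depth):
        start, stop = read_length_prefixed(buf, offset, end, len_bits)
        levels.append((level, stop - start, end - stop))
        offset, end = start, stop
    return levels, buf[offset:end]


if __name__ == "__main__":
    for level, length, slack in walk_nested(PAYLOAD, depth=2)[0]:
        print(f"level {level}: length={length} unused_after={slack}")
```

A non-zero third value at any level means the declared struct is shorter than the bytes available to it, and a LengthError means it is longer.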